Adroit Technologies

bringing technology to you

How to Migrate your Website (3 of 5)

Welcome to part three of our guide about how to migrate your website! This guide is a five part series describing some high level techniques that are common to website and server migrations. Don’t forget to check out part two of this guide for information on website log monitoring using Linux.

What’s Going On?

This is part three of a five part guide concerning website and server migration. In this part, we will be discussing the creation of rewrite rules and tracking changed URLs between the old site and the new site.

Setting up Rewrite Rules to Capture lost and changed urls

Migrating from one CMS to another has become easier as many of these applications are starting to follow the same ideas, with friendly URLs and database-driven architecture. But if you are migrating from an older CMS that relied on URL parameters in the query string, or the friendly URL parameters differ between the two CMSs, you will need to make sure those URLs are routed to the correct new pages. The same applies if your new website has a different menu structure or filenames have changed. I will go over how to make changes in the rewrite rules for query string matching and full filename matching.

Finding urls that need to be updated

There are a couple of ways to go about this, and using a combination of the two is probably a good plan regardless. If your site has been on the web for more than a week, you probably have existing information in web search engine caches, or links from other websites. Links that lead to 404 pages will hurt your page rank and other factors of SEO, as well as customer loyalty and retention.

We have directions for the two main Search Engines, Google and Bing.

Using Your Google Webmaster Account to find Links

Login to your Google Webmaster Tools Account.

If you do not have a Google Webmasters Tools Account, sign up for one now or skip to the next option.

Select Your site from the Site listings

Click “Your Site on the Web” Then Click “Internal Links”. This screen shows you a list of links that are used internally in your website and also are found in the Google Search Engine.

Using the Google Site Search to Find Links

Go to Google and using the Advanced Search we are going to search for all links related to your website.

site:atws.ca

Using Your Bing Webmaster Account to find Links

Login to your Bing Webmaster Tools Account. If you do not have one sign up for one now or skip to the next option.

Select Your site from the Site listings

Click on the “Index” tab, then click “Index Explorer”. This screen shows you a list of links that are used internally in your website and also are found in the Bing Search Engine.

Using the Bing Site Search to Find Links

Go to http://www.bing.com. Using the advanced search keywords, we are going to search for all links related to your website.

site:atws.ca -index

Using what we have found to Create Rewrite Rules

Due to caching on the internet, search engine caching, transparent proxies, proxy caching servers and a host of other related technologies, there may be servers containing old information and we need to make sure that we are redirecting people to the proper new pages on our website even if they go to the old URL. There are far more reasons why this is important (SEO, etc) but we are not going to get in to that on this posting.

There are two places you can put Rewrite Rules in Apache:

  • .htaccess files
    • you would usually use these if you do not have access to the virtual hosts files.
    • typically resides in the website root directory
    • anyone with FTP access to the website directories can change this file (with the correct permissions of course)
  • virtual hosts files
    • main file(s) for all of your apache virtual hosts entries.
    • more control on who can make changes and less likely to get overridden, moved or deleted.
    • typically resides in the /etc/apache2/sites-available directory

We are going to work with our rules in the virtual host entries for the purpose of this guide.

Creating the Rewrite Rules

First we need to make sure the Rewrite Engine is Loaded in Apache

sudo a2enmod rewrite
sudo apache2ctl graceful

This will load the rewrite rule engine in to Apache, then we need to reload Apache to load the module in the configuration.

Determine what type of rewrite rule to use

  1. Did your old website use flat files, or have a friendly URL rewrite rule that makes it appear as a flat file?
  2. Did your website use a friendly URL rewrite rule that is based on directories?
  3. Did your old website use URL query string parameters?

The good thing is that Apache will only see what is sent to it, so we do not have to guess what could be happening in the background. Also, keep in mind that these rewrite rules could be used in conjunction, or you may have to come up with your own combination to work with your previous setup.

Rewrite Rules for Flat Files or Rewrite Rules that Appear as Flat Files

This rewrite rule is probably one of the easiest to start and to work with because Apache sees only what is being passed so we can match against the file name completely to get exact matches.

Scenario

In this setup, we have these URLs to match against:

  • http://www.atws.ca/index.htm
  • http://www.atws.ca/index.html
  • http://www.atws.ca/Index.htm
  • http://www.atws.ca/Index.html
  • http://www.atws.ca/home.htm
  • http://www.atws.ca/home.html
  • http://www.atws.ca/Home.htm
  • http://www.atws.ca/Home.html

We want it to go to: http://www.atws.ca/

Breakdown of the rule for this scenario:

  • RewriteRule
    • Start the Rule
  • ^/(index|home)\.(htm|html)$
    • Regular Expression Matching
      • Start of String (^)
      • Start of Base URL (/)
      • Match either “index” or “home” filenames
        • () group
        • match “index” or (|) “home” (index|home)
      • (\.) the period in the filename needs to be escaped with a backslash, as the period is a special character.
      • Match 1 of either “htm” or “html” file extensions (htm|html)
        • () group
        • match “htm” or (|) “html” file extensions
      • End of String ($)
  • /?
    • Destination
      • Rewrite path (/)
      • Disregard all additional Query string parameters (?)
  • [NC,R=301,L]
    • Flags
      • No Case (NC). Not case specific matching, deals with “index” vs “Index”
      • Permanent Redirect (R=301). Send a 301 Header Response
      • Last Rule (L). Stop after this rule is applied.

Breakdown of the rule for the directory-based URLs (see “Rewrite Rules for Friendly URLs based on Directories” below):

  • RewriteRule
    • Start the Rule
  • ^/(old-services|new-services)(/)?$
    • Regular Expression Matching
      • Start of String (^)
      • Start of Base URL (/)
      • Match either “old-services” or “new-services” paths
        • () group
        • match either “old-services” or (|) “new-services”
      • Match 1 or 0 of “/” (/)?
        • () group
        • ? zero or one of anything in the group
        • “/” forward slash character
      • End of String ($)
  • /services?
    • Destination
      • Rewrite path (/services)
      • Disregard all additional Query string parameters (?)
  • [NC,R=301,L]
    • Flags
      • No Case (NC). Not case specific matching, deals with “old-services” vs “Old-Services”
      • Permanent Redirect (R=301). Send a 301 Header Response
      • Last Rule (L). Stop after this rule is applied.

Breakdown of the condition and rule for URLs with query string parameters (see “Rewrite Rules for URLs with Query String Parameters” below):

  • The Rewrite Condition needs to be met before the RewriteRule is even considered.
  • We can still use all of the same Regular Expression functions here.
  • Beware, the order of the Rewrite Condition is opposite of the RewriteRule
    • Condition - Environmental Variable then Regular Expression Matching (Additional Environmental Variables)
    • Rule - Regular Expression Matching then the Destination
  • RewriteCond
    • Tell Apache to match the Rewrite Condition
  • %{QUERY_STRING}
    • Access the QUERY_STRING Environmental Variable.
  • ^p=(services|old-services)$
    • Exact match against the whole query string, “p=services” or “p=old-services”; no other regular expression matching is used here.
      • Start of String (^)
      • Match “p=”
      • Match either “services” or “old-services”
        • () group
        • Match either “services” or (|) “old-services”
      • End of String ($)
  • RewriteRule
    • Start the Rule
  • ^/(index\.php)?$
    • Regular Expression Matching
      • Start of String (^)
      • Start of Base URL (/)
      • Match 1 or 0 of index.php (index\.php)?
        • () group
        • ? zero or one of anything in the group
        • index\.php the period in the filename needs to be escaped with a backslash, as the period is a special character.
      • End of String ($)
  • /services?
    • Destination
      • Rewrite path (/services)
      • Disregard all additional Query string parameters (?)
  • [R=301,L]
    • Flags
      • Permanent Redirect (R=301). Send a 301 Header Response
      • Last Rule (L). Stop after this rule is applied.

      Creating the Rule

      Turn On Rewrite Engine if it has not already been started in this Virtual Host Entry.

      This needs to always be above all of the rules.

    RewriteEngine On

    Match against the base URL to make sure we are getting Exactly the URL we want to rewrite.

    RewriteRule ^/(index|home)\.(htm|html)$ /? [NC,R=301,L]

    The Results:

    RewriteEngine On
    RewriteRule ^/(index|home)\.(htm|html)$ /? [NC,R=301,L]

    Using the () grouping with the pipe (|) allows us to match against a bunch of different values that could be going to the same destinations. This way, you don’t need to make up a separate Rewrite rule for each filename. Keep in mind that this would make the resulting Rule hard to read and understand.

    Rewrite Rules for Friendly URLs based on Directories

    Matching against directories is very similar to the file based matching but without the filename. This is typically a result of an existing rewrite rule creating friendly URLs. This is very similar to the file matching.

    Scenario

    In this setup, we have the URLs:

    With our new CMS, we want it to go to: http://www.atws.ca/services

    Creating the Rule

    Turn On Rewrite Engine if it has not already been started in this Virtual Host Entry.

    This needs to always be above all of the rules.

    RewriteEngine On

    Match against the base url to make sure we are getting Exactly the URL we want to rewrite.

    RewriteRule ^/(old-services|new-services)(/)?$ /services? [NC,R=301,L]

    The Results

    RewriteEngine On
    RewriteRule ^/(old-services|new-services)(/)?$ /services? [NC,R=301,L]

    Rewrite Rules for URLs with Query String Parameters

    These rewrite rules are typically used in conjunction with the flat file matching but contain some additional conditions. With URL query string parameters, you need to request them from the Apache environmental variables as they are not part of the base URL that is available to the rewrite rules.

    Scenario

    On our old setup, we have the URLs:

    With our new CMS, we want it to go to: http://www.atws.ca/services

    Creating the Rule

    Turn On Rewrite Engine if it has not already been started in this Virtual Host Entry.

    This needs to always be above all of the rules.

    RewriteEngine On

    Create the QUERY_STRING Condition for the Rule.

    RewriteCond %{QUERY_STRING} ^p=(services|old-services)$

    Match against the base URL to make sure we are getting exactly the URL we want to rewrite.

    RewriteRule ^/(index\.php)?$ /services? [R=301,L]

    The Results

    RewriteEngine On
    RewriteCond %{QUERY_STRING} ^p=(services|old-services)$
    RewriteRule ^/(index\.php)?$ /services? [R=301,L]

    Other Rewrite Rule Resources

    Test, Test, Test…

    Fire up your web browser and test out all of the rewrite rules you just created. Watch the logs for errors; however, most of them will be very apparent on the web browser—it is not going to where you want it to go.
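The rules can also be checked against a list of old URLs before they go live. The script below is an added example, not part of the original guide: it models the guide's three rules with grep -E and lists the old URLs that no rule redirects. The function names and the URL inventory are constructed for illustration.

```sh
#!/bin/sh
# Model of the guide's three RewriteRules as they behave in a virtual host,
# where the matched path keeps its leading slash. (In an .htaccess file the
# leading slash is stripped before matching, so these ^/ patterns would not
# match there.) grep -E stands in for mod_rewrite's regex engine; the
# patterns used here mean the same thing in both.

# redirect_target PATH [QUERY]: print the 301 target, or nothing if no rule fires.
redirect_target() {
    path=$1
    query=${2:-}
    if printf '%s\n' "$path" | grep -Eiq '^/(index|home)\.(htm|html)$'; then
        printf '/\n'            # flat-file rule, [NC] is modelled by grep -i
    elif printf '%s\n' "$path" | grep -Eiq '^/(old-services|new-services)(/)?$'; then
        printf '/services\n'    # directory rule, [NC]
    elif printf '%s\n' "$query" | grep -Eq '^p=(services|old-services)$' &&
         printf '%s\n' "$path" | grep -Eq '^/(index\.php)?$'; then
        printf '/services\n'    # query-string rule: no [NC], so case-sensitive
    fi
}

# uncovered: read "PATH[?QUERY]" lines on stdin and print those that no rule
# redirects, i.e. the old URLs that would still return 404 after the switch.
uncovered() {
    while IFS= read -r url; do
        path=${url%%\?*}
        case $url in
            *\?*) query=${url#*\?} ;;
            *)    query= ;;
        esac
        [ -n "$(redirect_target "$path" "$query")" ] || printf '%s\n' "$url"
    done
}

# Constructed inventory of old URLs, standing in for the results of the
# site: searches and webmaster-tools listings described earlier.
OLD_URLS='/index.htm
/Home.HTML
/old-services/
/New-Services
/index.php?p=services
/?p=old-services
/index.php?p=Services
/index.php?p=services&lang=en
/about.html'

printf '%s\n' "$OLD_URLS" | uncovered
```

The two query-string URLs fall through because RewriteCond takes its own [NC] flag and the condition is anchored with $, so a differently cased value or an extra parameter does not match. Variants like these found in the search engine listings need a looser condition or a rule of their own.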

    Following up on the Rewrite Rules

    To follow up on the progress the search engines are making on re-indexing your changes in to their indexes we can use the webmaster tools.

    Using Google’s Webmaster Tools to Check for Crawl Errors

    Diagnostics > Crawl errors

    Using Bing’s Webmaster Tools to Check for Crawl Errors

    Crawl > Crawl Details > Click on the HTTP Code you want to view.

    If you find any broken URLs, go back to your rewrite rules and add or update your rules.
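The same follow-up can be done from the server side. The script below is an added example, not part of the original guide: it summarises 301 and 404 responses from an access log and shows which pages link to the broken URLs. It assumes Apache's combined log format; the function names and the sample log lines are constructed.

```sh
#!/bin/sh
# Summarise redirects and misses after a migration from an Apache access log
# in "combined" format. Splitting on the double quote gives:
#   $2 = request line, $3 = status and size, $4 = referrer.

# redirect_report: print "STATUS COUNT URL" for every URL answered with 301
# or 404, grouped by status and with the most frequent first.
redirect_report() {
    awk -F'"' '
        {
            split($2, req, " ")     # req[2] is the requested URL
            split($3, res, " ")     # res[1] is the status code
            if (res[1] == 301 || res[1] == 404)
                hits[res[1] " " req[2]]++
        }
        END {
            for (k in hits) {
                split(k, part, " ")
                print part[1], hits[k], part[2]
            }
        }' | LC_ALL=C sort -k1,1n -k2,2nr -k3,3
}

# broken_link_sources: for 404s only, print "URL <- REFERRER" once per pair.
# Internal referrers are links to fix on the new site; external ones are old
# URLs that need a rewrite rule.
broken_link_sources() {
    awk -F'"' '
        { split($2, req, " "); split($3, res, " ") }
        res[1] == 404 && $4 != "-" && $4 != "" { print req[2] " <- " $4 }
    ' | LC_ALL=C sort -u
}

# Constructed sample log lines (documentation IP ranges, example referrers).
SAMPLE_LOG='192.0.2.10 - - [17/Jun/2010:10:15:01 -0600] "GET /old-services HTTP/1.1" 301 245 "-" "Mozilla/5.0"
192.0.2.11 - - [17/Jun/2010:10:15:07 -0600] "GET /index.php?p=services HTTP/1.1" 301 245 "http://www.example.org/links" "Mozilla/5.0"
198.51.100.4 - - [17/Jun/2010:10:16:12 -0600] "GET /about.html HTTP/1.1" 404 312 "http://www.atws.ca/services" "Mozilla/5.0"
198.51.100.4 - - [17/Jun/2010:10:16:40 -0600] "GET /about.html HTTP/1.1" 404 312 "http://www.example.org/links" "Mozilla/5.0"
203.0.113.9 - - [17/Jun/2010:10:17:03 -0600] "GET /services HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Jun/2010:10:18:30 -0600] "GET /index.php?p=Services HTTP/1.1" 404 312 "-" "Mozilla/5.0"'

printf '%s\n' "$SAMPLE_LOG" | redirect_report
printf '%s\n' "$SAMPLE_LOG" | broken_link_sources
```

On a live server the functions read the log on standard input, for example from a file in /var/log/apache2/; the exact file name depends on the virtual host's CustomLog setting and is an assumption here.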

How to Migrate your Website (2 of 5)

Welcome to part two of our guide about how to migrate your website! This guide is a five part series describing some high level techniques that are common to website and server migrations. Don’t forget to check out part one of this guide for information on site backup, local hosts configuration and Apache virtual hosts!

What’s Going On?

This is part two of a five part guide concerning website and server migration. In this part we will be discussing the monitoring of your website logs and server administration techniques.

Website log monitoring

With the setup and configuration of a new site, you may find you run into some errors and problems that require some basic troubleshooting. Let us begin our monitoring session with the use of the Linux screen application! Screen allows you to have multiple terminal sessions open under a single connection and switch between them in a terminal window. This is effectively terminal multiplexing and can be achieved at a local console with the virtual terminals by using ALT+F1-ALT+F9.

You can also achieve this same effect by opening additional terminal windows and having them run side by side; sometimes this is more effective, but at times the remote server may not permit multiple connections from the same IP.

Start up screen with the following command:

screen -a

Screen effectively operates as a virtual container for shell sessions—somewhat like an MDI parent container. The following are useful commands for screen:

  1. Create a new screen/shell:
    CTRL+a c
  2. Switch between screens:
    • Next Screen:
      CTRL+a n OR CTRL+a <spacebar>
    • Previous Screen:
      CTRL+a p OR CTRL+a <backspace>
    • Toggle between two screens:
      CTRL+a CTRL+a
  3. Display a list of screens:
    CTRL+a "
  4. Lock your screen session:
    CTRL+a x
    This allows you to leave your connection open and leave the keyboard. You will have to reenter your username’s password to continue the session.
  5. Detach (background) the screen session:
    CTRL+a d
    This allows you to background all of the active screen sessions so you can come back (reattach) the session later. This is useful if you have to restart the SSH server or change the network configuration. To reattach a detached session, execute screen -r

With our configuration outlined in part one of this guide, we assume that Apache is being used as the web server. With a default configuration of Apache, the error logs will typically be located in:

/var/log/apache2/

Let’s setup a new screen session with a scrolling list of Apache errors:

  1. Create a new screen with
    CTRL+a c
  2. In this new shell, execute the following command:
    tail -n25 -f /var/log/apache2/error.log
    This allows 25 lines to be displayed from the error log which will continually update as new errors occur.

Using this method, we can maintain an active scrolling log on one screen and work on another. This allows us to quickly check the logs without severely disrupting our work!

Getting Fancy with tail + grep

If you are on a shared environment, or don’t have your own set of log files to follow with tail, or just want to watch for specific errors, you can use grep to filter your tail results. Without going into too much detail, we will present you with a few examples of what is possible:

Filter Results to only show any lines which contain the word “services”

tail -n25 -f /var/log/apache2/error.log | grep services

Filter Results to show results that DO NOT Contain the word “services”.

tail -n25 -f /var/log/apache2/error.log | grep -v services

Once you introduce grep into the mix, the possibilities become endless!

These are just a few basic examples, but please feel free to comment with some tips and techniques that you utilize. Also, look out for part three of the site migration series where we discuss the setup and configuration of Apache Rewrite Rules using the mod_rewrite engine!

How to Migrate your Website (1 of 5)

Welcome to our guide about how to migrate your website! This guide is a five part series describing some high level techniques that are common to website and server migrations. To begin, we will describe the topics that will be covered along with the required environment setup.

What’s Going On?

If you are transitioning from an old design to a new design, changing Content Management Systems (CMS) or transferring to a new server, there are several steps that must be carefully executed. For Adroit Technologies, we finished migrating our website to a new design and CMS. We decided to start a guide to help people who may be confronted with a migration process and to present some issues that people may encounter.

This guide was not designed to be a fully inclusive howto but rather a high level reminder of, “Oh yeah!” to help guide you as to what may be required while you do your transition. So let’s begin with what we will cover:

What’s Covered in this Guide

  • Setup and Testing of your New Site without taking down your old site. (Part 1)
  • Using the log files and the screen command to monitor your website (Part 2)
  • Setup Rewrite Rules to Capture lost/changed urls. (Part 3)
  • Making the switch (Part 4)
  • Updating of Search Engine Sitemaps & Verifications (Part 5)

What’s Not Covered in this Guide

  • You breaking something that is outside of your realm of knowledge. Use this guide at your own risk.
  • Uploading and setup of your CMS and website files.
  • Working Knowledge of FTP, SSH, DNS, Linux, Apache and other related technologies.
  • You having access and permission to the root shell of your webserver.
  • Access to Coffee and/or Tea and/or Beer

Environment & Software

  • A webserver that has a Linux installation. Perhaps even a LAMP setup
  • Access to the website with SSH and FTP (or SCP with SSH)
  • Root permission or your user as a part of a group that is in the Sudoers (typically the admin group)

First Things First - Backups!

As always, before you do anything, CREATE BACKUPS. Seriously though. If you didn’t create backups and something goes wrong, it is always going to be your fault. This is your last warning, create backups please.

Now with that in mind, these are some areas to consider backing up:

  1. Your current site to either your computer or to a different directory on the server
  2. Any databases and or support files

Also, don’t forget to do the following:

  1. Upload your new website/CMS/etc… to a different folder; don’t overwrite your current one!
  2. Upload all files required for the new website (database, html, images, etc) into an SVN, CVS or GIT repository (if available)
  3. Setup any databases and other support files you might need.

Test your new site without taking down your old one!

Since your current website is live, we don’t want to cause any sort of service interruption that may occur when we upload our new website. We ran into a small issue where we needed to change a configuration path. If we would have over-written our live site with our new site, customers would have noticed the error page.

A simple and easy method to avoid such issues from occurring is to upload the new site into a separate directory and create a simple host file entry. This is a method to test your new website without taking down your old site, while still keeping it semi-hidden from the outside world and while avoiding the setup of new DNS entries to test the site.

Hostname resolution using the hosts file

To resolve domain names, an operating system uses a few different methods to convert a domain name to its associated IP address. For a basic high level understanding, the process to resolve a domain name is as follows: the operating system first checks its local resolution/cache and then the DNS server that was configured either through DHCP or manually. We are interested in the first option, the local resolution/cache. This is usually implemented through a basic table saved in a file. For Windows XP, this file exists in [Windows Install Directory]\system32\drivers\etc\hosts and for Linux, this is located in /etc/hosts.

We will edit this file to create a simple “pointer” to our new website without having to modify and update a DNS server. Using this method relies on a virtual host entry in Apache which will be discussed shortly.

  1. Open up Notepad, or Notepad++, or gEdit, or Nano
    1. If you are running Windows Vista or Windows 7, you will need to run these programs as an Administrator
    2. With Linux (and Mac), you will need to sudo/gksudo the editor in order to save the changes
  2. Open up your hosts file
    1. For Windows, this is located in: [Windows Install Directory]\system32\drivers\etc\hosts
    2. For Linux, this is located in: /etc/hosts
  3. Enter a new line into your hosts
    1. You would enter your web server IP address in place of the 192.168.1.1 address
      192.168.1.1     new.website-url.com
    2. To get your IP Address of the server on Windows.
      Start > Run > cmd 
      ping atws.ca  
      
    3. To get your IP on linux:
      host atws.ca

Now that we have a “domain” that points to our new site, we need to setup an Apache vhost (virtual host) entry.

Setup a new Apache vhosts entry

A virtual host (vhost) allows for a system administrator to serve multiple websites from a single computer on a single IP Address. Typical uses of vhosts are found on shared web hosting. Vhosts rely on the user’s browser sending the address that the user typed in to the browser in the Host header of the HTTP request. This allows the server to distinguish which website to serve to the user.

With this brief introduction in mind, let’s add some virtual hosts to the vhosts file of Apache

  1. Login to the webserver using a terminal client program. PuTTY is a good Windows client for SSH access.
  2. Backup the current vhosts file(s) for your website(s)
    1. Typical virtual host entries location:
      /etc/apache2/sites-available/
    2. Example:
      sudo cp ./vhosts ./vhosts.June.17.2010
  3. Edit the current website file and add a new virtual hosts entry
    • Example virtual host entry:
      <VirtualHost 192.168.1.1>
      ServerName new.yourdomain.com
      DocumentRoot /path/to/your/new/website/directory
      DirectoryIndex index.php
      </VirtualHost>
      
    • This virtual hosts entry is very simple and is used as an example; you may have to add additional parameters for your website setup (use your old virtual host entry as an example.)
    • More information about virtual hosts configuration
  4. Enable the virtual host file in Apache. This only needs to be done if a new virtual host file was created in sites-available
    sudo a2ensite new.yourdomain.com
  5. Reload Apache for the virtual host file to take effect
    sudo apache2ctl reload
  6. Try to access the website using the virtual host entry along with the new hosts entry

Conclusion

With the above steps, we have backed up our site and support files, setup a temporary hosts entry and created a vhost entry for Apache. This provides a quick and effective method for site migration with minimal down time. We have also learned about vhosts, domain name resolution and hosts files.

If you have any comments, questions or additions, please comment below!

Next…

Look forward later this week to part two of the Site Migration Series, where we will discuss traffic and website monitoring along with system administration techniques to ease this process.

Use Google Page Speed to check the speed of your website, focusing on DNS and other common issues

Quick list to speed test and get suggestions for speeding up your website from Google.

  1. Install Firefox 3.6.x (latest)
  2. Install Firebug (latest)
  3. Install Google Page Speed (latest)
  4. restart firefox
  5. load your website
  6. run firebug
  7. click on Page Speed tab in firebug
  8. expand the plus signs beside suggestions, and hover over green checkmarks, exclamations to see your score for each item

Find Google Page-Speed addon and more detailed instructions here: Google Page-Speed

How to correct the copyright year in ModX’s Ditto RSS Feed Builder

The ModX CMS provides a great plugin called Ditto. Ditto allows a web designer to quickly summarize web pages (documents) and display the summarizations in customized formats such as in a Blog, an RSS feed or even a sitemap.

While creating this website in the ModX CMS, we decided to implement an RSS feed for this Blog and discovered that we could implement it quickly and correctly with the Ditto plugin that was bundled with the installation of ModX.

I setup the call to Ditto as follows:

[ [Ditto ? &parents=`2` &format=`rss` &display=`20` &total=`20` &removeChunk=`Comments`] ]

With the default installation, this worked quite nicely; but after reviewing the output, the copyright tag was displaying the wrong year—2006.

After some hunting through the code, I determined that there are two ways to fix the problem.

Method 1

The internal code for Ditto attempts to use the PHP variable called $copyright. If this variable does not exist, it will default the copyright year to 2006. What a user can do is create a new Snippet that creates a $copyright variable and sets it to a year then calls Ditto.

Method 2

This method will allow for the copyright year to always remain up to date but it depends on the site’s language. What you will need to do is find the language file that your site uses and change it there. For example, if your site uses English, you will be looking for the english.inc.php file in [install_location]/assets/snippets/ditto/lang/. For this file, on line 42, you will find the following line:

$_lang['default_copyright'] = "Adroit Technologies 2006";

For our installation, I changed it to the following:

$_lang['default_copyright'] = "Adroit Technologies ".date("Y",time());

This will return the server’s year portion as YYYY.

I originally left this as a solution on devcomments.com but I feel that additional clarity will help improve this situation.

HOW TO: A quick guide to CUPS for the Common User

I was recently tasked with the installation, configuration and setup of a Ubuntu 8.04 CUPS based Linux print server for one of our clients. Being a Linux enthusiast, this is a relatively simple task; however, I was used to the GUI configuration side of things. The documentation for CUPS and Samba is… okay… but they don’t do a good job at explaining the why, or the results of a particular configuration value.

Through the discovery, research and testing, I created a short howto document to recreate essentially what I did. The following is the “blog” like conversion of the document. Please feel free to comment, criticize and suggest changes! I hope this post will help shed some light about Samba and CUPS!

~Jaymes Bearden, ATWS

CUPS Printer Server Installation and Configuration

The following are steps to setup and configure a CUPS based Linux print server. Some steps may require modification to fit your exact environment. This process should take an advanced user approximately 15 minutes to complete. For new users that carefully follow these steps, this guide should take approximately 45 minutes to an hour to complete.

Environment Setup and Configuration

  1. On a Debian based distribution (Ubuntu, Kubuntu, etc), install the following using sudo apt-get install
    1. cupsys (For ubuntu 8.04. For newer releases, this may just be cups)
      • Example: sudo apt-get install cupsys

    2. cupsys-client
    3. cupsys-common
    4. cupsys-driver-gutenprint
    5. cups-pdf (If you want the ability to create PDFs on the server)
  2. If you want the ability to “search” for the printer by navigating to the printer server “My Network Places” in Windows, execute the following:
    1. Install Samba with sudo apt-get install samba
    2. Modify the Samba configuration file located in /etc/samba/smb.conf to match your environment. Attached in Appendix A is an example configuration file, otherwise, consult the man pages for the configuration options (man smb.conf). Specifically, the following is required for printer navigation and driver installation:
      • The setup of [printers] and [print$]
      • The configuration of the [global] options: load printers, printer, printcap name, printer admin
      • Note: The “printer admin” option must be set to a valid user that has been added to the Samba database using the smbpasswd -a command as root (or using sudo). This user will be able to upload new printer drivers to the server.
    3. With the configuration of Appendix A, all users that need to connect to the server will have to have their own account on the Linux server, or, they will need to share a low security common account. You will need to create an account on the Linux server using the adduser command.
      • sudo adduser --shell /bin/true --no-create-home username
    4. With the previous command, the user ‘username’ will be created but they will not be able to login locally to the machine through terminal or SSH. If you want this user to be able to administer the printers (add, remove, upload drivers to the print server), that user needs to be a part of the lpadmin group.
      • Note: NOT EVERY USER NEEDS TO BE IN THE lpadmin GROUP. ONLY THE ADMINISTRATOR.
    5. To add a user to the lpadmin group, execute the following command:
      • sudo adduser username lpadmin
    6. You will now need to add all of the users that will have access to the server to the Samba password database. Execute the following command with each user that you want to give access to server from Windows (the user(s) that you created in step 2c)
      • sudo smbpasswd -a username
      • Note: This user must already exist from step 2c. You will need to re-enter the password to the user. They do not need to match, but this will be the password that will be required to connect to the server by using the “My Network Places” browsing feature.
  3. Setup CUPS as follows:
    1. Find the configuration file at /etc/cups/cupsd.conf
    2. See Appendix B for an example configuration file.
    3. The following options need to be changed: SystemGroup, Port, Browsing, BrowseAllow, BrowseAddress and the setup of <Location /> and <Location /admin>
  4. Allow the lpadmin group to create files in the printer directory
    1. Acquire the location of the printer drivers directory. Using Appendix A, this will be located in /var/lib/samba/printers. You can find this directory under the [print$] heading in /etc/samba/smb.conf.
    2. Modify the permissions of the folder and its sub folders such that they have the group set to lpadmin, the setgid (“sticky group”) bit set, and read, write, execute on group. Example using /var/lib/samba/printers
      • sudo chown -R root:lpadmin /var/lib/samba/printers
      • sudo chmod -R 2775 /var/lib/samba/printers
    3. These steps ensure that a remote user that is in the lpadmin group can upload new print drivers to the server. When you first connect to the server by browsing to it in “My Network Places” in Windows, you will need to supply a username and password of a user that is in the lpadmin group (a user as setup in step 2e and added to the Samba database in step 2f). Once this has completed, you will have the option to upload new print drivers which will be explained later.
  5. At this point, the server should show up in “My Network Places” on Windows based machines that are connected to the same network as the Linux/Samba server. You should be able to connect to the server by double clicking its name. If you supply a valid username and password as setup in steps 2e and 2f then you should be able to view a folder called “Printers and Faxes” which should be empty. If you decided to install the pdf printer, it should show up and you should be able to connect and print to it. If a connection to the server fails to be established, restart the Windows machine, as Windows caches connection credentials to the server and does not flush them for a long period of time.

CUPS Specific Configuration

Using a computer that is connected to the same network as the CUPS server, or on a network that you defined to be allowable in the cupsd.conf file, use a browser to connect to the CUPS configuration webpage. You will need to supply the IP address of the server followed by a colon (:) and the port as defined in the cupsd.conf. The default port is 631.

After navigating to this page, you will be presented with the CUPS control panel. Here you can add, remove and modify printers, setup printer groups called classes (3rdFloor, 2nd Floor, East Wing, etc), print test pages, change printer options, move print jobs between printers and much more.

You may need to find and download Linux/CUPS specific drivers for your server. Sometimes the printer will be auto-detected and may not need the following steps. If your printer was auto-detected, make sure it is functioning correctly by printing a test page; otherwise, you may have to follow the vendor specific instructions for your printer to install the appropriate Linux print drivers.

View Appendix C for an example setup of a Samsung ML2010 printer.

To setup a new printer, follow these steps after connecting to the CUPS control panel with a browser:

  1. Click on the Administration tab to setup a new printer. In this tab you will see the PDF printer if you opted to install this in step 1e.
  2. Click Add Printer under the Printers heading
  3. Type in a name, location and description following the instructions on this page. Click Continue.
  4. Select the driver’s connection type from the drop down list. If you are using CUPS to manage a printer that is connected to another computer, for example a Windows machine that has a printer shared, you will need to select Samba.
    • Note: If the printer is connected by USB, the printer must be connected to the computer and powered on BEFORE the CUPS software is started up. CUPS is started when the computer is turned on. If your printer was not connected and turned on before you turned on the server, do the following steps on the server:
      1. Stop CUPS with the following command: sudo /etc/init.d/cupsys stop. For newer installations cupsys might be cups.
      2. Turn on the printer and connect the printer’s USB cable to the server.
      3. Start CUPS with the following command: sudo /etc/init.d/cupsys start. For newer installations, cupsys might be cups.
      4. Refresh your browser that is connected to the CUPS control panel.
  5. There is a chance that the printer will be auto-detected at this stage and it will select the recommended driver. Try this driver first.
  6. The printer should be installed and ready for use.

Test the printer by printing a test page

  1. Click the Printers tab.
  2. Under your printer’s heading, click Print Test Page.
  3. Verify the printer prints the correct test page. You may need to modify the printer options under Set Printer Options to select the paper size, quality, etc.

At this point you should have a working CUPS printer that is browsable through the network.

Setup a Vendor Specific Driver for Auto-download

In order to execute these steps, you must connect to the server using the username that was set with the “printer admin = …” option in the smb.conf file. This user must also be added to Samba’s user database using sudo smbpasswd -a. Before beginning these steps, restart samba and cups on the server with the following commands: sudo /etc/init.d/samba restart; sudo /etc/init.d/cups restart

  1. Download the Windows driver for your printer and install the software according to its installation instructions. If you can, only install the driver, not the extra software or control panels for the printer.
  2. Navigate to the server computer through “My Network Places” (Start | My Network Places).
  3. Double click the server’s name
  4. Double click “Printers and Faxes” folder.
  5. Right click on the printer that you installed from the previous section and click Properties. A dialog will be displayed asking if you want to install the print driver. It is crucial that you click NO.
  6. Click the Advanced Tab.
  7. Click the New Driver button
  8. Find the vendor for your printer in the manufacturer pane. Select your printer model in the printer pane. Click Next.
  9. Click Finish. The printer’s drivers for Windows will be uploaded to the print server. This will allow users to automatically download the required drivers for their computer when they connect to the server.
  10. Click Ok.

At this point, you can right click the printer and click connect. This will “install” the printer on to the current machine and you will be able to print to the printer.

Security Considerations

The configuration files that are provided with this guide are considered to be relatively restrictive. If you wish to relax the security restrictions, follow these steps:

smb.conf

Set the following options in /etc/samba/smb.conf:

  • security = user
  • guest account = nobody
  • map to guest = Bad Password
  • guest ok = yes
    • The previous option will apply to all of the share definitions such as [printers], [print$], etc

This setup allows all computers to connect and browse the Samba server. If the user account from Windows that is connecting to the server exists on the server, has been added to Samba’s user database (using smbpasswd -a) and has supplied the correct password (i.e. the Windows account name and password exactly match the username and password in the Samba database), then the user is considered to be an authenticated user.

If the Windows account name does not exist, or the wrong password was supplied, the user that is attempting to connect to the Samba server becomes a “guest” using the Linux account “nobody”, obtaining the filesystem permissions of “nobody”.

With this setup, all users should be able to browse to the server, view its shares, connect to the printer and print documents.

cupsd.conf

Cupsd.conf requires special considerations for its security configuration. In the <Location> tags, careful attention must be given to the “Allow From” directives and they should be setup to apply only to the network configuration that is available.

Generally, it is best practice to only allow access to the CUPS Control panel from the localhost of the server so only users directly connected to the server can modify printer configurations.

The attached cupsd.conf is configured to be very permissive.
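
The check below is an added example, not part of the original guide or of CUPS: it reads cupsd.conf text and reports listeners that are reachable from other machines and any /admin location whose “Allow From” entries reach beyond the server itself. It assumes locations use Order allow,deny as in Appendix B; the function names and the embedded sample are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample using the directive forms from Appendix B (not a real host's file).
SAMPLE = """\
Listen /var/run/cups/cups.sock
Port 631
<Location /admin>
  Order allow,deny
  Allow From 192.168.1.104
  Allow From 127.0.0.1
</Location>
<Policy default>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""

def is_loopback(source):
    """True only when the value can match nothing but the server itself."""
    source = source.strip("[]").lower()
    if source == "localhost":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).is_loopback
    except ValueError:
        return False  # wildcards such as 192.168.1.*, hostnames, "all"

def parse(text):
    """Split cupsd.conf text into global and per-<Location> directives."""
    global_directives, locations, stack = [], {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.fullmatch(r"<(/?)(\w+)\s*(.*?)>", line)
        if tag:
            closing, name, arg = tag.groups()
            if closing:
                del stack[-1:]  # pop; harmless on an unbalanced close
            else:
                stack.append((name.lower(), arg))
                if name.lower() == "location":
                    locations.setdefault(arg, [])
            continue
        name, _, value = line.partition(" ")
        entry = (name.lower(), value.strip())
        if not stack:
            global_directives.append(entry)
        elif stack[-1][0] == "location":
            locations[stack[-1][1]].append(entry)
    return global_directives, locations

def audit(text):
    """Return (where, detail) findings for admin access reachable off-host."""
    global_directives, locations = parse(text)
    findings = []
    for name, value in global_directives:
        if name == "port":
            findings.append(("Port " + value, "listens on all interfaces"))
        elif name == "listen" and not value.startswith("/"):
            if not is_loopback(value.rsplit(":", 1)[0]):
                findings.append(("Listen " + value, "non-loopback listener"))
    for path, directives in locations.items():
        sources = (re.sub(r"(?i)^from\s+", "", v) for n, v in directives if n == "allow")
        remote = [s for s in sources if not is_loopback(s)]
        if path.startswith("/admin") and remote:
            findings.append((path, "admin pages allowed from " + ", ".join(remote)))
    return findings
```

Calling audit(SAMPLE) returns one finding for the Port line and one for /admin; a file that uses Listen localhost:631 and allows /admin only from localhost returns an empty list.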

Appendix A

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = YOURWORKGROUP

# server string is the equivalent of the NT Description field
# The following displays whatever you set your HOST name as
server string = %h

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
;   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = true

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
;   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
   security = user

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  
# tdbsam is the default. You can modify it with pdbedit or smbpasswd 
   passdb backend = tdbsam
   obey pam restrictions = yes

#   guest account = nobody
# The following is good for network security. If this server can indirectly be accessed from the internet, you should probably include the following line.
   invalid users = root

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = no

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan < for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = no

# If the supplied password is incorrect for the username (for Windows machines, they send the current
# username and password of the logged in user), then reject and DONT allow that user to connect or browse.
# This will essentially not drop the user to Guest permissions
map to guest = never

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes
   printing = cups
   printcap name = cups
   printer admin = USERADMIN


############ Misc ############

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 (default) means that usershare is disabled.
;   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
   usershare allow guests = yes

#======================= Share Definitions =======================

[printers]
   comment = All Printers
   browseable = yes
   path = /var/spool/samba
   printable = yes
   guest ok = yes
   read only = yes

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = yes
   write list = root, @lpadmin, YOURUSER

Appendix B

#
#   Sample configuration file for the Common UNIX Printing System (CUPS)
#   scheduler.  See "man cupsd.conf" for a complete description of this
#   file.
#

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel warning

# Administrator user group...
SystemGroup lpadmin


# Use the following line to only allow connections from the local machine
#Listen localhost:631
Listen /var/run/cups/cups.sock

# The following line allows connections from anywhere to port 631
Port 631

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all

# The following allows browse access from the 192.168.1.* network. This will need to be adjusted for your network.
BrowseAddress 192.168.1.255

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow From 192.168.1.*
  Allow From 192.168.0.*
  Allow From 127.0.0.1
  Allow From localhost
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow From 192.168.1.104
</Location>


# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
#  Require group lpadmin
#  Require user ubuntu
  Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

Appendix C

To install the Linux driver for the Samsung ML2010 printer on Ubuntu 8.04, follow these steps:

  1. Go to http://ubuntuforums.org/showthread.php?t=341621 and read the first post. This explains how to install the Samsung Unified Printer drivers.
  2. On your server computer type the following:
  3. Execute the following commands:
    • /etc/init.d/cupsys restart
    • exit
  4. Verify the packages installation with dpkg -l samsung*. Both samsungmfp-data and samsungmfp-driver should have “ii” to the left of their name.
  5. Navigate to the CUPS control panel (ex: http://192.168.1.7:631)
  6. Add your printer.

The specific driver should now show up. For more information view the thread from step 1 and also the instructions located at http://www-personal.umich.edu/~tjwatt/suldr/

A Weekend Full of WIN

I may be in danger of getting ahead of myself, but I’m pretty sure that I’m awesome.  No, I did not fill out my weekend WIN quota by travelling to such exotic locations as Fiji or Hawaii or Moose Jaw, nor did I fill it by participating in an extreme event like bungee jumping or water rafting or knitting.  No, my life is not nearly as exciting as that.  I…(wait for it)…stayed home.  That’s right, I stayed home -caught in the evergoing struggles of computer viruses.  But fear not, I conquered said virus faster than you can say, “Welcome to the Grid!”

The virus in question?  None other than the infamous Win 7 virus, spreading its malcontent and misuse of security alerts across this nation like wildfire.  I believe I do not need to stress the urgency of ridding yourself of this virus immediately.

It began like any other crisp Saturday morning…

Anyway, in the middle of extensive web surfing meditation, this Win 7 Total Security starts popping all over my screen, telling me that my computer is at risk and to click YES on its ever so deceptive window for the “latest Update”.  A lesser man would go forth blindly down this misguided path, but not I.  I had knowledge, baby.  I instantly recognized Win 7 facade and took immediate action.  And by action whimpered like a baby for ten minutes in worry that all my work-all my cool thingys-would be taken away from me.  So I slapped myself hard enough to fling the unwanted tears away and went to work Rambo style.

Only…

My internet!  My beloved internet was taken over!  Win 7 hijacked my most beloved possession!

Alright, let’s get serious.  Here are some things that I did to rectify this problem.

First, I rebooted.  Then, I left my connection off when it restarted.  Then, I started my Anti-Malware program by Malwarebytes.  I risked a connection to install the latest updates, then ran that program immediately.  If this virus blocks your internet still as well as your malware updates, then I suggest using a different computer if possible, getting the Anti-malware program with the necessary updates, and, using a USB stick, install it on your computer and run it.  Another good program would be Spy Doctor.  Or just google a process that works for you.  Since internet probably won’t work on your own infested computer, use your iphone or whatever to find a solution.  There are plenty out there.

So, awesomeness achieved as far as I am concerned.  I was presented with a problem, overcame it with (more or less) finesse and vigor, and booted that virus out of my system as if it were trash in need of a curb to be thrown to. 

If you or someone you know have come in contact with this Win 7 turd, do the right thing and crush it with the might of Google Search.

And that, is how I spent my weekend.

Cheers!

Ben (ATWS Social Media)

These Are The Days of Our Lives

Greetings Programs!

I’m Ben - Creative writing extraordinaire, Social Media savant, Tech wizard genius, All around swell guy - here from the Adroit Technologies headquarters to bring you an urgent message!  It is a message so dire that it will cause panic in the streets, the sky to turn black, Aztec prophecies to come true, software programs to become sentient and turn on their masters!

Unfortunately I forgot to write the message down and I retain short term memory like whatever the opposite of a sponge is (a rock? the Jersey Shore cast?).  So, I will instead chat briefly about Adroit Technologies instead! Yay!

We are Adroit Technologies, your friendly neighborhood website design and development company.  We do it all, from custom made logos and menus to fully functioning websites.  We are a jack of all trades - webwise, that is.

And so, prepare yourself for some great future blog posts as I attempt to think of some awesome tech tips and present them to you in a slick and savvy way, not to mention updating our statuses of our growing current projects, and insights into working at a cool website company and how flippin’ fantastic it is to be a part of this team.

So, here’s to you, faithful readers of the internet universe, and the many happy blogs we will be bringing you!

Cheers,

Ben

Welcome!

Hear ye! Hear ye!  Gather ‘round for the official launch of the Adroit Technologies blog!  Prepare to be amazed as the team from ATWS provides for your eager eyes all that blogs have to offer!  We’ve got tech tips, updates, stories, info, more tech tips, and facts-yes, facts!  Have a question?  Just ask us!  We are more than happy to help you out.

So get ready as we bring you all the ATWS news in the coming months!

Adroit - Social Media

So, with the social media project ending its first stage, we are all getting quite excited about what this could mean for Adroit. First Kamloops, then the world! Thanks for all the support so far.