Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung
Vorhergehende Überarbeitung
centos:apc [08.01.2017 00:19. ] – [Paketdetails] djangocentos:apc [22.07.2019 14:52. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 1: Zeile 1:
-~~UNDERCONSTRUCTION~~ +====== APC UPS Daemon unter CentOS 7.x ====== 
-====== APC UPS Daemon ======+{{ :centos:rack-2016-11-24-22.33.57.jpg?nolink&150|Bild: Photo vom Serverschrank}} 
 +{{:centos:apcupsd-logo.png?nolink&500|Bild: APC UPSD Logo}} 
 + 
 +Beim Betrieb eines Servers ist der Einsatz einer gesicherten Energieversorgung natürlich obligatorisch. Im **RZ**((**R**echen **Z**entrum)) stehen dazu meist unterbrechungsfreie Stromversorgungen, Ersatznetze oder auch Notstromaggregate zur Verfügung. Kann man auf derartige Techniken nicht zurückgreifen, lohnt sich die Anschaffung einer eigenen USV.  
 + 
 +{{:centos:apc-smartusv-1400.jpg?direct&300 |Bild: Photo der APC Smart-UPS SU1400RMI 3HE}}So kommt z.B. bei nausch.org eine //**APC Smart-UPS SU1400RMI 3HE**// zum Einsatz.  Zur Überwachung, Verwaltung und Administration wird **[[http://www.apcupsd.org|APCUPSD]]** verwendet. In diesem Kapitel werden wir uns mit der Installation und Konfiguration des Daemon befassen.  
 + 
 +Eine ausführliche Programmdokumentation ist auf der Seite [[http://www.apcupsd.org/manual/manual.html|APCUPSD User Manual]] zu finden.
  
 ===== USB/RS.232-Adapter ===== ===== USB/RS.232-Adapter =====
-<code>Jul 28 14:40:56 vml000020 kernel: usb 1-2.2: new full speed USB device number 5 using uhci_hcd +Die Verbindung zwischen der USV und dem Server erfolgt mittels zugehörigem seriellen Verbindungskabel vom Typ **//[[http://rtfm.vtt.net/pinouts/data/apc_smart_cable_pinout.shtml.htm|940-0024B]]//** und einem 4-port USB/UART-Adapter **[[http://www.digitus.info/de/produkte/computer-accessories-and-components/computer-accessories/serial-and-parallel-adapter/da-70159/|DIGITUS USB 2.0 zu 4xRS232 Kabel]]**.
-Jul 28 14:40:56 vml000020 kernel: usb 1-2.2: New USB device found, idVendor=067b, idProduct=2303 +
-Jul 28 14:40:56 vml000020 kernel: usb 1-2.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 +
-Jul 28 14:40:56 vml000020 kernel: usb 1-2.2: Product: USB-Serial Controller +
-Jul 28 14:40:56 vml000020 kernel: usb 1-2.2: Manufacturer: Prolific Technology Inc. +
-Jul 28 14:40:56 vml000020 kernel: usb 1-2.2: configuration #1 chosen from 1 choice +
-Jul 28 14:40:56 vml000020 kernel: USB Serial support registered for pl2303 +
-Jul 28 14:40:56 vml000020 kernel: pl2303 1-2.2:1.0: pl2303 converter detected +
-Jul 28 14:40:56 vml000020 kernel: usb 1-2.2: pl2303 converter now attached to ttyUSB1 +
-Jul 28 14:40:56 vml000020 kernel: usbcore: registered new interface driver pl2303 +
-Jul 28 14:40:56 vml000020 kernel: pl2303: Prolific PL2303 USB to serial adaptor driver +
-</code>+
  
 +Mit Hilfe der installierten **usbutiuls** können Details zum USB_Adapter abgefragt werden.
  
-===== Installation ===== +Bei Bedarf installieren wir uns also besagtes RPM-Paket.  
-   # yum install apcupsd+   # yum install usbutils
  
 +Den Inhalt des Paketes können wir uns wie folgt anzeigen lassen.
 +   # rpm -qil usbutils
 +<code>Name        : usbutils
 +Version     : 007
 +Release     : 5.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 12:03:27 PM CET
 +Group       : Applications/System
 +Size        : 187281
 +License     : GPLv2+
 +Signature   : RSA/SHA256, Wed 25 Nov 2015 05:02:14 PM CET, Key ID 24c6a8a7f4a80eb5
 +Source RPM  : usbutils-007-5.el7.src.rpm
 +Build Date  : Fri 20 Nov 2015 09:48:55 AM CET
 +Build Host  : worker1.bsys.centos.org
 +Relocations : (not relocatable)
 +Packager    : CentOS BuildSystem <http://bugs.centos.org>
 +Vendor      : CentOS
 +URL         : http://www.linux-usb.org/
 +Summary     : Linux USB utilities
 +Description :
 +This package contains utilities for inspecting devices connected to a
 +USB bus.
 +/usr/bin/lsusb
 +/usr/bin/lsusb.py
 +/usr/bin/usb-devices
 +/usr/bin/usbhid-dump
 +/usr/share/doc/usbutils-007
 +/usr/share/doc/usbutils-007/AUTHORS
 +/usr/share/doc/usbutils-007/COPYING
 +/usr/share/doc/usbutils-007/ChangeLog
 +/usr/share/doc/usbutils-007/NEWS
 +/usr/share/doc/usbutils-007/README
 +/usr/share/man/man1/usb-devices.1.gz
 +/usr/share/man/man8/lsusb.8.gz
 +/usr/share/man/man8/usbhid-dump.8.gz
 +/usr/share/pkgconfig/usbutils.pc</code>
  
 +Der Aufruf von **lsusb** zeigt uns neben den anderen USB-Devices auch unseren 4-Port Adapter.
 +   # lsusb
 +
 +  Bus 001 Device 003: ID 0403:6011 Future Technology Devices International, Ltd FT4232H Quad HS USB-UART/FIFO IC
 +  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 +  Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 +  Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 +  Bus 002 Device 002: ID 0627:0001 Adomax Technology Co., Ltd 
 +  Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 +
 +Eine ähnliche aussagekräftige Detailanzeige können wir uns mit dem Befehl **usb-devices** anzeigen lassen.
 +   # usb-devices 
 +<code>T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#=  3 Spd=480 MxCh= 0
 +D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
 +P:  Vendor=0403 ProdID=6011 Rev=08.00
 +S:  Manufacturer=FTDI
 +S:  Product=FT4232H Device
 +S:  SerialNumber=FTZ9JWTW
 +C:  #Ifs= 4 Cfg#= 1 Atr=80 MxPwr=200mA
 +I:  If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
 +I:  If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
 +I:  If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
 +I:  If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio</code>
 +
 +Damit der Adapter auch verwendet werden kann, benötigen wir noch die **libftdi**-Bibliotheken, welche wir nun noch installieren werden.
 +   # yum install libftdi
 +
 +Auch hier können wir bei Interesse, den Inhalt des RPM-Paketes anzeigen lassen.
 +   # rpm -qil libftdi
 +<code>Name        : libftdi
 +Version     : 1.1
 +Release     : 4.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 11:55:10 AM CET
 +Group       : System Environment/Libraries
 +Size        : 96091
 +License     : LGPLv2
 +Signature   : RSA/SHA256, Tue 07 Oct 2014 10:19:03 PM CEST, Key ID 6a2faea2352c64e5
 +Source RPM  : libftdi-1.1-4.el7.src.rpm
 +Build Date  : Mon 06 Oct 2014 09:17:24 PM CEST
 +Build Host  : buildvm-24.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://www.intra2net.com/de/produkte/opensource/ftdi/
 +Summary     : Library to program and control the FTDI USB controller
 +Description :
 +A library (using libusb) to talk to FTDI's FT2232C,
 +FT232BM and FT245BM type chips including the popular bitbang mode.
 +/lib/udev/rules.d/69-libftdi.rules
 +/usr/lib64/libftdi1.so.2
 +/usr/lib64/libftdi1.so.2.1.0
 +/usr/share/doc/libftdi-1.1
 +/usr/share/doc/libftdi-1.1/AUTHORS
 +/usr/share/doc/libftdi-1.1/COPYING.LIB
 +/usr/share/doc/libftdi-1.1/ChangeLog
 +/usr/share/doc/libftdi-1.1/README</code>
 +
 +===== Installation und Konfiguration =====
 +==== apcupsd ====
 +=== Installation ===
 +Zur Administration unserer USV benötien wir nun noch einen passenden Daemon, den **[[http://www.apcupsd.org/|apcupsd]]**. Das RPM-Paket aus dem Repository **[[https://fedoraproject.org/wiki/EPEL|Extra Packages for Enterprise Linux (EPEL)]]** installieren wir wie gewohnt mittels **yum**
 +   # yum install apcupsd
  
-===== Paketdetails =====+Welche Verzeichnisse und Dateien uns die Installation eben ins System brachte, lassen wir uns mit Unterstützung des Befehls **rpm** und der Option ''qil'' anzeigen.
    # rpm -qil apcupsd    # rpm -qil apcupsd
  
Zeile 146: Zeile 242:
 /usr/share/man/man8/apcupsd.8.gz</code> /usr/share/man/man8/apcupsd.8.gz</code>
  
 +=== Konfiguration ===
 +Zur Einstellungen des Daemon sind in der Konfigurationsdatei //**/etc/apcupsd/apcupsd.conf**// vorzunehmen. Diese Datei bearbeiten wir mit dem Editor unserer Wahl, z.B. **vim**.
 +   # vim /etc/apcupsd/apcupsd.conf
 +<file bash /etc/apcupsd/apcupsd.conf>## apcupsd.conf v1.1 ##
 +
 +#  for apcupsd release 3.14.12 (29 March 2014) - redhat
 +#
 +# "apcupsd" POSIX config file
  
 +#
 +# ========= General configuration parameters ============
 +#
  
-   service apcupsd start+UPSNAME xxx 
 +#   Use this to give your UPS a name in log files and such. This 
 +#   is particulary useful if you have multiple UPSes. This does not 
 +#   set the EEPROM. It should be 8 characters or less. 
 +# Django : 2017-01-08 
 +# default: #UPSNAME 
 +UPSNAME APC1400
  
-   Starting UPS monitoring                                  [  OK  ]+# UPSCABLE <cable> 
 +#   Defines the type of cable connecting the UPS to your computer. 
 +
 +#   Possible generic choices for <cable> are: 
 +#     simple, smart, ether, usb 
 +
 +#   Or a specific cable model number may be used: 
 +#     940-0119A, 940-0127A, 940-0128A, 940-0020B, 
 +#     940-0020C, 940-0023A, 940-0024B, 940-0024C, 
 +#     940-1524C, 940-0024G, 940-0095A, 940-0095B, 
 +#     940-0095C, 940-0625A, M-04-02-2000 
 +
 +# Django : 2017-01-08 
 +# default: UPSCABLE usb 
 +UPSCABLE 940-0024B
  
 +# To get apcupsd to work, in addition to defining the cable
 +# above, you must also define a UPSTYPE, which corresponds to
 +# the type of UPS you have (see the Description for more details).
 +# You must also specify a DEVICE, sometimes referred to as a port.
 +# For USB UPSes, please leave the DEVICE directive blank. For
 +# other UPS types, you must specify an appropriate port or address.
 +#
 +# UPSTYPE   DEVICE           Description
 +# apcsmart  /dev/tty**       Newer serial character device, appropriate for 
 +#                            SmartUPS models using a serial cable (not USB).
 +#
 +# usb       <BLANK>          Most new UPSes are USB. A blank DEVICE
 +#                            setting enables autodetection, which is
 +#                            the best choice for most installations.
 +#
 +# net       hostname:port    Network link to a master apcupsd through apcupsd'
 +#                            Network Information Server. This is used if the
 +#                            UPS powering your computer is connected to a 
 +#                            different computer for monitoring.
 +#
 +# snmp      hostname:port:vendor:community
 +#                            SNMP network link to an SNMP-enabled UPS device.
 +#                            Hostname is the ip address or hostname of the UPS 
 +#                            on the network. Vendor can be can be "APC" or 
 +#                            "APC_NOTRAP". "APC_NOTRAP" will disable SNMP trap 
 +#                            catching; you usually want "APC". Port is usually 
 +#                            161. Community is usually "private".
 +#
 +# netsnmp   hostname:port:vendor:community
 +#                            OBSOLETE
 +#                            Same as SNMP above but requires use of the 
 +#                            net-snmp library. Unless you have a specific need
 +#                            for this old driver, you should use 'snmp' instead.
 +#
 +# dumb      /dev/tty**       Old serial character device for use with 
 +#                            simple-signaling UPSes.
 +#
 +# pcnet     ipaddr:username:passphrase:port
 +#                            PowerChute Network Shutdown protocol which can be 
 +#                            used as an alternative to SNMP with the AP9617 
 +#                            family of smart slot cards. ipaddr is the IP 
 +#                            address of the UPS management card. username and 
 +#                            passphrase are the credentials for which the card 
 +#                            has been configured. port is the port number on 
 +#                            which to listen for messages from the UPS, normally 
 +#                            3052. If this parameter is empty or missing, the 
 +#                            default of 3052 will be used.
 +#
 +# modbus    /dev/tty**       Serial device for use with newest SmartUPS models
 +#                            supporting the MODBUS protocol.
 +#
 +# Django : 2017-01-08
 +# default: UPSTYPE usb
 +#          DEVICE 
 +UPSTYPE apcsmart
 +DEVICE /dev/ttyUSB3
  
-   chkconfig apcupsd on+POLLTIME <int> 
 +#   Interval (in seconds) at which apcupsd polls the UPS for status. This 
 +#   setting applies both to directly-attached UPSes (UPSTYPE apcsmart, usb,  
 +#   dumb) and networked UPSes (UPSTYPE net, snmp). Lowering this setting 
 +#   will improve apcupsd's responsiveness to certain events at the cost of 
 +#   higher CPU utilization. The default of 60 is appropriate for most 
 +#   situations. 
 +# Django : 2017-01-08 
 +# default: #POLLTIME 60 
 +POLLTIME 60
  
 +# LOCKFILE <path to lockfile>
 +#   Path for device lock file. Not used on Win32.
 +LOCKFILE /var/lock
  
-   chkconfig --list | grep apcupsd+SCRIPTDIR <path to script directory> 
 +#   Directory in which apccontrol and event scripts are located. 
 +SCRIPTDIR /etc/apcupsd
  
-   apcupsd         0:off 1:off 2:on 3:on 4:on 5:on 6:off+# PWRFAILDIR <path to powerfail directory> 
 +#   Directory in which to write the powerfail flag file. This file 
 +#   is created when apcupsd initiates a system shutdown and is 
 +#   checked in the OS halt scripts to determine if a killpower 
 +#   (turning off UPS output power) is required. 
 +PWRFAILDIR /etc/apcupsd
  
-<code>[root@vml000127 conf.d]# systemctl start apcupsd.service +# NOLOGINDIR <path to nologin directory
-[root@vml000127 conf.d]systemctl status apcupsd.service +#   Directory in which to write the nologin fileThe existence 
-● apcupsd.service - APC UPS Power Control Daemon for Linux +  of this flag file tells the OS to disallow new logins
-   Loaded: loaded (/usr/lib/systemd/system/apcupsd.service; disabled; vendor preset: disabled) +NOLOGINDIR /etc
-   Active: active (running) since Sun 2017-01-08 01:18:16 CET; 1s ago +
-  Process: 17736 ExecStartPre=/bin/rm -f /etc/apcupsd/powerfail (code=exited, status=0/SUCCESS) +
- Main PID: 17738 (apcupsd) +
-   CGroup: /system.slice/apcupsd.service +
-           └─17738 /sbin/apcupsd -b -f /etc/apcupsd/apcupsd.conf+
  
-Jan 08 01:18:16 vml000127.dmz.nausch.org systemd[1]: Starting APC UPS Power Control Daemon for Linux... 
-Jan 08 01:18:16 vml000127.dmz.nausch.org systemd[1]: Started APC UPS Power Control Daemon for Linux. 
-Jan 08 01:18:16 vml000127.dmz.nausch.org apcupsd[17738]: apcupsd 3.14.12 (29 March 2014) redhat startup succeeded 
-Jan 08 01:18:16 vml000127.dmz.nausch.org apcupsd[17738]: NIS server startup succeeded</code> 
  
 +#
 +# ======== Configuration parameters used during power failures ==========
 +#
  
-   cat /var/log/apcupsd.events+The ONBATTERYDELAY is the time in seconds from when a power failure 
 +#   is detected until we react to it with an onbattery event. 
 +
 +#   This means that, apccontrol will be called with the powerout argument 
 +#   immediately when a power failure is detected.  However, the 
 +#   onbattery argument is passed to apccontrol only after the  
 +#   ONBATTERYDELAY time.  If you don't want to be annoyed by short 
 +#   powerfailures, make sure that apccontrol powerout does nothing 
 +#   i.e. comment out the wall. 
 +ONBATTERYDELAY 6
  
-   2012-07-28 16:31:36 +0200  apcupsd 3.14.10 (13 September 2011) redhat startup succeeded+#  
 +# NoteBATTERYLEVEL, MINUTES, and TIMEOUT work in conjunction, so 
 +# the first that occurs will cause the initation of a shutdown. 
 +#
  
 +# If during a power failure, the remaining battery percentage
 +# (as reported by the UPS) is below or equal to BATTERYLEVEL, 
 +# apcupsd will initiate a system shutdown.
 +BATTERYLEVEL 5
  
 +# If during a power failure, the remaining runtime in minutes 
 +# (as calculated internally by the UPS) is below or equal to MINUTES,
 +# apcupsd, will initiate a system shutdown.
 +MINUTES 3
  
-cat /var/log/apcupsd.events  +If during a power failure, the UPS has run on batteries for TIMEOUT 
-2012-07-28 15:58:51 +0200  apcupsd FATAL ERROR in smartsetup.c at line 172 +# many seconds or longer, apcupsd will initiate a system shutdown. 
-PANIC! Cannot communicate with UPS via serial port+# A value of 0 disables this timer. 
-Please make sure the port specified on the DEVICE directive is correct+
-and that your cable specification on the UPSCABLE directive is correct+#  Note, if you have a Smart UPS, you will most likely want to disable 
-2012-07-28 15:58:51 +0200  apcupsd error shutdown completed+#    this timer by setting it to zero. That way, you UPS will continue 
 +#    on batteries until either the % charge remaing drops to or below BATTERYLEVEL, 
 +#    or the remaining battery runtime drops to or below MINUTES.  Of course, 
 +#    if you are testing, setting this to 60 causes a quick system shutdown 
 +#    if you pull the power plug.    
 +#  If you have an older dumb UPS, you will want to set this to less than 
 +#    the time you know you can run on batteries. 
 +TIMEOUT 0 
 + 
 +#  Time in seconds between annoying users to signoff prior to 
 +#  system shutdown. 0 disables. 
 +ANNOY 300 
 + 
 +# Initial delay after power failure before warning users to get 
 +# off the system. 
 +ANNOYDELAY 60 
 + 
 +# The condition which determines when users are prevented from 
 +# logging in during a power failure. 
 +# NOLOGON <string> [ disable | timeout | percent | minutes | always ] 
 +NOLOGON disable 
 + 
 +# If KILLDELAY is non-zero, apcupsd will continue running after a 
 +# shutdown has been requested, and after the specified time in 
 +# seconds attempt to kill the power. This is for use on systems 
 +# where apcupsd cannot regain control after a shutdown. 
 +# KILLDELAY <seconds>  0 disables 
 +KILLDELAY 0 
 + 
 +
 +# ==== Configuration statements for Network Information Server ==== 
 +
 + 
 +# NETSERVER [ on | off ] on enables, off disables the network 
 +#  information server. If netstatus is on, a network information 
 +#  server process will be started for serving the STATUS and 
 +#  EVENT data over the network (used by CGI programs). 
 +NETSERVER on 
 + 
 +# NISIP <dotted notation ip address> 
 +#  IP address on which NIS server will listen for incoming connections. 
 +#  This is useful if your server is multi-homed (has more than one 
 +#  network interface and IP address). Default value is 0.0.0.0 which 
 +#  means any incoming request will be serviced. Alternatively, you can 
 +#  configure this setting to any specific IP address of your server and  
 +#  NIS will listen for connections only on that interface. Use the 
 +#  loopback address (127.0.0.1) to accept connections only from the 
 +#  local machine. 
 +NISIP 0.0.0.0 
 + 
 +# NISPORT <port> default is 3551 as registered with the IANA 
 +#  port to use for sending STATUS and EVENTS data over the network. 
 +#  It is not used unless NETSERVER is on. If you change this port, 
 +#  you will need to change the corresponding value in the cgi directory 
 +#  and rebuild the cgi programs. 
 +NISPORT 3551 
 + 
 +# If you want the last few EVENTS to be available over the network 
 +# by the network information server, you must define an EVENTSFILE. 
 +EVENTSFILE /var/log/apcupsd.events 
 + 
 +# EVENTSFILEMAX <kilobytes> 
 + By default, the size of the EVENTSFILE will be not be allowed to exceed 
 +#  10 kilobytes.  When the file grows beyond this limit, older EVENTS will 
 +#  be removed from the beginning of the file (first in first out) The 
 +#  parameter EVENTSFILEMAX can be set to a different kilobyte value, or set 
 +#  to zero to allow the EVENTSFILE to grow without limit. 
 +EVENTSFILEMAX 10 
 + 
 +
 +# ========== Configuration statements used if sharing ============= 
 +#            a UPS with more than one machine 
 + 
 +
 +# Remaining items are for ShareUPS (APC expansion card) ONLY 
 +
 + 
 +# UPSCLASS [ standalone | shareslave | sharemaster ] 
 +#   Normally standalone unless you share an UPS using an APC ShareUPS 
 +#   card
 +UPSCLASS standalone 
 + 
 +# UPSMODE [ disable | share ] 
 +#   Normally disable unless you share an UPS using an APC ShareUPS card. 
 +UPSMODE disable 
 + 
 +
 +# ===== Configuration statements to control apcupsd system logging ======== 
 +
 + 
 +# Time interval in seconds between writing the STATUS file; 0 disables 
 +STATTIME 0 
 + 
 +# Location of STATUS file (written to only if STATTIME is non-zero) 
 +STATFILE /var/log/apcupsd.status 
 + 
 +# LOGSTATS [ on | off ] on enablesoff disables 
 +# Note! This generates a lot of output, so if          
 +#       you turn this on, be sure that the 
 +#       file defined in syslog.conf for LOG_NOTICE is a named pipe. 
 +#  You probably do not want this on
 +LOGSTATS off 
 + 
 +# Time interval in seconds between writing the DATA records to 
 +#   the log file. 0 disables. 
 +DATATIME 0 
 + 
 +# FACILITY defines the logging facility (class) for logging to syslog.  
 +#          If not specified, it defaults to "daemon". This is useful  
 +#          if you want to separate the data logged by apcupsd from other 
 +#          programs
 +#FACILITY DAEMON 
 + 
 +
 +# ========== Configuration statements used in updating the UPS EPROM ========= 
 +
 + 
 +
 +# These statements are used only by apctest when choosing "Set EEPROM with conf 
 +# file values" from the EEPROM menu. THESE STATEMENTS HAVE NO EFFECT ON APCUPSD. 
 +
 + 
 +# UPS name, max 8 characters  
 +#UPSNAME UPS_IDEN 
 + 
 +# Battery date 8 characters 
 +#BATTDATE mm/dd/yy 
 + 
 +# Sensitivity to line voltage quality (H cause faster transfer to batteries)   
 +# SENSITIVITY H M L        (default = H) 
 +#SENSITIVITY H 
 + 
 +# UPS delay after power return (seconds) 
 +# WAKEUP 000 060 180 300   (default = 0) 
 +#WAKEUP 60 
 + 
 +# UPS Grace period after request to power off (seconds) 
 +# SLEEP 020 180 300 600    (default = 20) 
 +#SLEEP 180 
 + 
 +# Low line voltage causing transfer to batteries 
 +# The permitted values depend on your model as defined by last letter  
 +#  of FIRMWARE or APCMODEL. Some representative values are: 
 +#    D 106 103 100 097 
 +#    M 177 172 168 182 
 +#    A 092 090 088 086 
 +#    I 208 204 200 196     (default = 0 => not valid) 
 +#LOTRANSFER  208 
 + 
 +# High line voltage causing transfer to batteries 
 +# The permitted values depend on your model as defined by last letter  
 +#  of FIRMWARE or APCMODEL. Some representative values are: 
 +#    D 127 130 133 136 
 +#    M 229 234 239 224 
 +#    A 108 110 112 114 
 +#    I 253 257 261 265     (default = 0 => not valid) 
 +#HITRANSFER 253 
 + 
 +# Battery charge needed to restore power 
 +# RETURNCHARGE 00 15 50 90 (default = 15) 
 +#RETURNCHARGE 15 
 + 
 +# Alarm delay  
 +# 0 = zero delay after pwr fail, T = power fail + 30 sec, L = low battery, N = never 
 +# BEEPSTATE 0 T L N        (default = 0) 
 +#BEEPSTATE T 
 + 
 +# Low battery warning delay in minutes 
 +# LOWBATT 02 05 07 10      (default = 02) 
 +#LOWBATT 2 
 + 
 +# UPS Output voltage when running on batteries 
 +# The permitted values depend on your model as defined by last letter  
 +#  of FIRMWARE or APCMODEL. Some representative values are: 
 +#    D 115 
 +#    M 208 
 +#    A 100 
 +#    I 230 240 220 225     (default = 0 => not valid) 
 +#OUTPUTVOLTS 230 
 + 
 +# Self test interval in hours 336=2 weeks, 168=1 week, ON=at power on 
 +# SELFTEST 336 168 ON OFF  (default = 336) 
 +#SELFTEST 336</file> 
 + 
 +=== Programmstart === 
 +Haben wir die Konfiguration unseren Wünschen nach angepasst, steht dem Start des **apcupsd** nichts mehr im Wege. 
 +   # systemctl start apcupsd.service 
 + 
 +Damit der Daemon automatisch beim Starten des Servers gleich mitstartet, aktivieren wir gleich noch den Autostart des Daemon. 
 +   # systemctl enable apcupsd.service 
 + 
 +Created symlink from /etc/systemd/system/multi-user.target.wants/apcupsd.service to /usr/lib/systemd/system/apcupsd.service. 
 + 
 +Den erfolgreichen Start des Daemon können wir wie folgt abfragen. 
 +   # systemctl start apcupsd.service 
 + 
 +<html><pre class="code"> 
 +<font style="colorrgb(0, 255, 0)"><b>● </b></font><font style="colorrgb(0, 0, 0)">apcupsd.service - APC UPS Power Control Daemon for Linux 
 +   Loaded: loaded (/usr/lib/systemd/system/apcupsd.service; disabled; vendor preset: disabled) 
 +   Active: <font style="color: rgb(0, 255, 0)"><b>active (running) </b></font><font style="color: rgb(0, 0, 0)"> since Sun 2017-01-08 11:41:41 CET; 1s ago 
 +  Process: 1750 ExecStartPre=/bin/rm -f /etc/apcupsd/powerfail (code=exited, status=0/SUCCESS) 
 + Main PID: 1752 (apcupsd) 
 +   CGroup: /system.slice/apcupsd.service 
 +           └─1752 /sbin/apcupsd -b -f /etc/apcupsd/apcupsd.conf 
 + 
 +Jan 08 11:41:41 vml000127.dmz.nausch.org systemd[1]: Starting APC UPS Power Control Daemon for Linux... 
 +Jan 08 11:41:41 vml000127.dmz.nausch.org systemd[1]: Started APC UPS Power Control Daemon for Linux. 
 +Jan 08 11:41:41 vml000127.dmz.nausch.org apcupsd[1752]: apcupsd 3.14.12 (29 March 2014) redhat startup succeeded 
 +Jan 08 11:41:41 vml000127.dmz.nausch.org apcupsd[1752]: NIS server startup succeeded</font> 
 +</pre></html> 
 + 
 +Im Syslog wird der erfolgreiche Start entsprechend dokumentiert. 
 +   # less /var/log/messages 
 + 
 +  Jan  8 11:41:41 vml000127 apcupsd[1752]: apcupsd 3.14.12 (29 March 2014) redhat startup succeeded 
 +  Jan  8 11:41:41 vml000127 apcupsd[1752]: NIS server startup succeeded 
 + 
 +Ebenso erfolgt ein zum Start des Daemon gehöriger Log-Eintrag in der Log-/Events-Datei des **apcupsd**. 
 +   # cat /var/log/apcupsd.events 
 + 
 +  2017-01-08 22:24:57 +0100  apcupsd 3.14.12 (29 March 2014) redhat startup succeeded
  
 +=== Statusabfrage ===
 +Zur Abfrage des aktuellen Status unseres **apcupsd** verwenden wir das Programm **apcaccess**.
  
-<code>APC      : 001,051,1262 +# /sbin/apcaccess  
-DATE     : 2012-07-28 16:28:45 +0200   +<code>APC      : 001,051,1170 
-HOSTNAME : vml000020.dmz.nausch.org +DATE     : 2017-01-08 14:53:11 +0100   
-VERSION  : 3.14.10 (13 September 2011) redhat+HOSTNAME : vml000127.dmz.nausch.org 
 +VERSION  : 3.14.12 (29 March 2014) redhat
 UPSNAME  : APC1400 UPSNAME  : APC1400
 CABLE    : Custom Cable Smart CABLE    : Custom Cable Smart
 DRIVER   : APC Smart UPS (any) DRIVER   : APC Smart UPS (any)
 UPSMODE  : Stand Alone UPSMODE  : Stand Alone
-STARTTIME: 2012-07-28 16:28:33 +0200  +STARTTIME: 2017-01-08 14:52:58 +0100  
 MODEL    : SMART-UPS 1400 RM MODEL    : SMART-UPS 1400 RM
 STATUS   : ONLINE  STATUS   : ONLINE 
-LINEV    : 226.Volts +LINEV    : 221.Volts 
-LOADPCT  33.Percent Load Capacity+LOADPCT 23.Percent
 BCHARGE  : 100.0 Percent BCHARGE  : 100.0 Percent
-TIMELEFT :   9.0 Minutes+TIMELEFT : 17.0 Minutes
 MBATTCHG : 5 Percent MBATTCHG : 5 Percent
 MINTIMEL : 3 Minutes MINTIMEL : 3 Minutes
 MAXTIME  : 0 Seconds MAXTIME  : 0 Seconds
-MAXLINEV : 228.Volts +MAXLINEV : 222.Volts 
-MINLINEV : 226.Volts +MINLINEV : 219.Volts 
-OUTPUTV 226.Volts+OUTPUTV 221.Volts
 SENSE    : High SENSE    : High
-DWAKE    : 000 Seconds +DWAKE    : 0 Seconds 
-DSHUTD   : 020 Seconds +DSHUTD   : 20 Seconds 
-DLOWBATT : 02 Minutes+DLOWBATT : 2 Minutes
 LOTRANS  : 196.0 Volts LOTRANS  : 196.0 Volts
 HITRANS  : 253.0 Volts HITRANS  : 253.0 Volts
-RETPCT   : 000.0 Percent +RETPCT   : 0.0 Percent 
-ITEMP    : 34.Internal +ITEMP    : 27.
-ALARMDEL : 5 seconds+ALARMDEL : 5 Seconds
 BATTV    : 27.6 Volts BATTV    : 27.6 Volts
 LINEFREQ : 50.0 Hz LINEFREQ : 50.0 Hz
 LASTXFER : Automatic or explicit self test LASTXFER : Automatic or explicit self test
 NUMXFERS : 0 NUMXFERS : 0
-TONBATT  : 0 seconds +TONBATT  : 0 Seconds 
-CUMONBATT: 0 seconds+CUMONBATT: 0 Seconds
 XOFFBATT : N/A XOFFBATT : N/A
 SELFTEST : NO SELFTEST : NO
 STESTI   : 336 STESTI   : 336
-STATFLAG : 0x07000008 Status Flag +STATFLAG : 0x05000008 
-DIPSW    : 0x00 Dip Switch +DIPSW    : 0x00 
-REG1     : 0x00 Register 1 +REG1     : 0x00 
-REG2     : 0x00 Register 2 +REG2     : 0x00 
-REG3     : 0x00 Register 3 +REG3     : 0x00 
-MANDATE  : 09/23/11+MANDATE  : 09/23/99
 SERIALNO : GS9939006549 SERIALNO : GS9939006549
-BATTDATE : 09/23/11+BATTDATE : 09/23/99
 NOMOUTV  : 230 Volts NOMOUTV  : 230 Volts
-NOMBATTV :  24.0 Volts+NOMBATTV : 24.0 Volts
 EXTBATTS : 0 EXTBATTS : 0
 FIRMWARE : 72.11.I FIRMWARE : 72.11.I
-END APC  : 2012-07-28 16:28:50 +0200 +END APC  : 2017-01-08 14:53:15 +0100</code>
-</code>+
  
-   # vim /etc/httpd/conf.d/vhosts.conf +=== Statusbenachrichtigungen per eMail === 
- +Bei einem Stromausfall oder anderen Störungen wird automatisch der User **root** per eMail informiert
-<file apache /etc/httpd/conf.d/vhosts.conf>... +<code>Date:    SonJul 2016 23:23:01 +0200
- +
-+
-# power.nausch.org +
-+
-<VirtualHost *:80> +
-        ServerAdmin webmaster@nausch.org +
-        ServerName power.nausch.org +
-        ServerAlias www.power.nausch.org +
-        ServerPath / +
-        DocumentRoot "/var/www/apcupsd" +
-        AddHandler cgi-script .cgi +
-        <Directory "/var/www/apcupsd"> +
-                Options FollowSymLinks +
-                AllowOverride all +
-                Order Allow,Deny +
-                Allow from all +
-                Options ExecCGI +
-        </Directory> +
-        AddType application/x-httpd-php .php +
-        DirectoryIndex multimon.cgi +
-        ErrorLog logs/power_error.log +
-        CustomLog logs/power_access.log combined +
-</VirtualHost> +
- +
-... +
-</file> +
- +
-{{ :centos:apcupsd.png?direct&500 |Bildschirmhardcopy: APC UPS Daemon}} +
- +
- +
- +
-<code>Date:    Mon30 Jul 2012 17:23:01 +0200+
 From:    root@nausch.org (root) From:    root@nausch.org (root)
 To:      root@nausch.org To:      root@nausch.org
-Subject: vml000020.dmz.nausch.org Power Failure !!!+Subject: vml000127.dmz.nausch.org Power Failure !!!
  
  
-vml000020.dmz.nausch.org Power Failure !!!+vml000127.dmz.nausch.org Power Failure !!!
    
-APC      : 001,052,1297 +APC      : 001,051,1170 
-DATE     : 2012-07-30 17:22:59 +0200   +DATE     : 2017-01-08 14:53:11 +0100   
-HOSTNAME : vml000020.dmz.nausch.org +HOSTNAME : vml000127.dmz.nausch.org 
-VERSION  : 3.14.10 (13 September 2011) redhat+VERSION  : 3.14.12 (29 March 2014) redhat
 UPSNAME  : APC1400 UPSNAME  : APC1400
 CABLE    : Custom Cable Smart CABLE    : Custom Cable Smart
Zeile 338: Zeile 744:
 EXTBATTS : 0 EXTBATTS : 0
 FIRMWARE : 72.11.I FIRMWARE : 72.11.I
-END APC  : 2012-07-30 17:23:01 +0200  +END APC  : 2017-01-08 23:23:01 +0200  
 </code> </code>
  
-<code>Date:    Mon30 Jul 2012 17:23:59 +0200+Wird die Stromversorgung wieder hergestellt, erfolgt erneut eine positive Rückmeldung per eMail. 
 +<code>Date:    Son1 Jan 2017 23:23:59 +0200
 From:    root@nausch.org (root) From:    root@nausch.org (root)
 To:      root@nausch.org To:      root@nausch.org
-Subject: vml000020.dmz.nausch.org Power has returned+Subject: vml000127.dmz.nausch.org Power has returned
  
  
-vml000020.dmz.nausch.org Power has returned+vml000127.dmz.nausch.org Power has returned
    
-APC      : 001,052,1322 +APC      : 001,051,1170 
-DATE     : 2012-07-30 17:23:58 +0200   +DATE     : 2017-01-08 14:53:11 +0100   
-HOSTNAME : vml000020.dmz.nausch.org +HOSTNAME : vml000127.dmz.nausch.org 
-VERSION  : 3.14.10 (13 September 2011) redhat+VERSION  : 3.14.12 (29 March 2014) redhat
 UPSNAME  : APC1400 UPSNAME  : APC1400
 CABLE    : Custom Cable Smart CABLE    : Custom Cable Smart
Zeile 401: Zeile 808:
 EXTBATTS : 0 EXTBATTS : 0
 FIRMWARE : 72.11.I FIRMWARE : 72.11.I
-END APC  : 2012-07-30 17:23:59 +0200   +END APC  : 2017-01-08 23:23:59 +0200  
 </code> </code>
 +
 +
 +
 +
 +===== apcupsd-gui =====
 +Hat man auf dem Server einen X-server am laufen, muss man sich nicht auf die textbasierten Informationen zurückgreifen. Hier kann man auch auf das **GUI**((**G**raphical **U**ser **I**nterface)) für den APCUPS-Daemon zurückgreifen. Die Installation dieser GUI erfolgt wie **yum**.
 +   # yum install -y apcupsd-gui
 +
 +Den Inhalt des RPM-Paketes erforscht man bei Interesse wie folgt.
 +   # rpm -qil apcupsd-gui
 +<code>Name        : apcupsd-gui
 +Version     : 3.14.12
 +Release     : 1.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 02:58:20 PM CET
 +Group       : Applications/System
 +Size        : 135050
 +License     : GPLv2
 +Signature   : RSA/SHA256, Thu 22 Jan 2015 01:39:58 AM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
 +Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
 +Build Host  : buildhw-04.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://www.apcupsd.com
 +Summary     : GUI interface for apcupsd
 +Description :
 +A GUI interface to the APC UPS monitoring daemon.
 +/usr/bin/gapcmon
 +/usr/share/applications/gapcmon.desktop
 +/usr/share/pixmaps/apcupsd.png
 +/usr/share/pixmaps/charging.png
 +/usr/share/pixmaps/gapc_prefs.png
 +/usr/share/pixmaps/onbatt.png
 +/usr/share/pixmaps/online.png
 +/usr/share/pixmaps/unplugged.png</code>
 +
 +Der Start der GUI erfolgt über das Startmenü oder durch Aufruf des Befehls **gamcmon** nach Eingabe der Tatsenkobination **ALT**+**F2**.
 +
 +{{ :centos:apcupsd-gui-01.png?direct&800 |Bild: Bildschirmhardcopy des APCUPS-Dämon}}
 +
 +
 +===== apcupsd-cgi =====
 +Eine weitere Möglichkeit zur Visualisierung der Stati unseres APCUPS-Daemon ist die Verwendung einer WEB-GUI, so dass von berechtigten Hosts, Netzen und/oder Nutzern eine Statusabfrage im Intra- oder auch Internet erfolgen kann. Die notwendigen Programmteile und Konfigurationsbeispiele sind in dem RPm-Paket **apcupsd-cgi** enthalten.
 +
 +==== Installation ====
 +Dieses Paket installieren wir nun mit Unterstützung des Befehls **yum**.
 +   # yum install apcupsd-cgi
 +
 +Den Inhalt des Paketes und auch den Speicherort ermitteln wir wie gewohnt mittels **rpm** und der Option //-qil//.
 +   # rpm -qil apcupsd-cgi
 +
 +<code>Name        : apcupsd-cgi
 +Version     : 3.14.12
 +Release     : 1.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 03:05:58 PM CET
 +Group       : Applications/Internet
 +Size        : 121261
 +License     : GPLv2
 +Signature   : RSA/SHA256, Thu 22 Jan 2015 01:28:22 AM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
 +Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
 +Build Host  : buildhw-04.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://www.apcupsd.com
 +Summary     : Web interface for apcupsd
 +Description :
 +A CGI interface to the APC UPS monitoring daemon.
 +/etc/apcupsd/apcupsd.css
 +/etc/apcupsd/hosts.conf
 +/etc/apcupsd/multimon.conf
 +/etc/httpd/conf.d/apcupsd.conf
 +/var/www/apcupsd
 +/var/www/apcupsd/multimon.cgi
 +/var/www/apcupsd/upsfstats.cgi
 +/var/www/apcupsd/upsimage.cgi
 +/var/www/apcupsd/upsstats.cgi</code>
 +
 +==== Konfiguration ====
 +Da wir die WEB-GUI über einen separaten Apache vHOST ansprechen wollen deaktivieren wir als erstes die mitgelieferte Apache Konfigurationsdatei //**/etc/httpd/conf.d/apcupsd.conf**// in dem wir alle Zeilen auskommentieren. 
 +
 +Die Installation und Konfiguration des **//[[centos:web_c7:apache_1|Apache httpd, "der" WEB-Server unter CentOS 7.x]]//** sowie die Konfiguration //**[[centos:web_c7:apache_2|SSL gesicherter Webserver mit mod_ssl für Apache httpd 2.4 unter CentOS 7.x]]**// werden entsprechend vorausgesetzt.
 +   # vim /etc/httpd/conf.d/apcupsd.conf
 +<file apache /etc/httpd/conf.d/apcupsd.conf>##
 +## apcupsd configuration file for Apache Web server
 +##
 +#
 +## files are off the documentroot of Web server
 +#Alias /apcupsd /var/www/apcupsd
 +#<Directory /var/www/apcupsd>
 +# AddHandler cgi-script cgi pl
 +# Options ExecCGI
 +#</Directory>
 +#
 +##
 +## Allow only local access at default
 +## Change the ".example.com" to match your domain or modify
 +## access rights to your needs to enable remote access also.
 +##
 +#<Directory "/var/www/apcupsd">
 +#    DirectoryIndex upsstats.cgi
 +#    AllowOverride None
 +#    Options ExecCGI Indexes
 +#  <IfModule mod_authz_core.c>
 +#    # Apache 2.4
 +#    Require local
 +#  </IfModule>
 +#  <IfModule !mod_authz_core.c>
 +#    # Apache 2.2
 +#    Order deny,allow
 +#    Deny from all
 +#    Allow from 127.0.0.1
 +#    Allow from ::1
 +#  </IfModule>
 +#</Directory></file>
 +
 +Die Konfiguration unseres Apache vHOST erledigen wir mit Hilfe einer eigenen Konfigurationsdatei //**/etc/httpd/conf.d/3rd_apcupsd.conf**//.
 +
 +<file bash /etc/httpd/conf.d/3rd_apcupsd.conf>#
 +# power.nausch.org
 +#
 +<VirtualHost *:80>
 +        ServerAdmin webmaster@nausch.org
 +        ServerName power.nausch.org
 +        ServerPath /
 +        DocumentRoot "/var/www/apcupsd"
 +        AddHandler cgi-script .cgi
 + DirectoryIndex multimon.cgi
 +
 + <Directory /var/www/apcupsd>
 +        Require all granted
 +        AddHandler cgi-script cgi pl
 +        Options ExecCGI
 + </Directory>
 +
 +        AddType application/x-httpd-php .php
 +        ErrorLog logs/power_error.log
 +        CustomLog logs/power_access.log combined
 +</VirtualHost>
 +</file>
 +
 +Den Zugriff werden wir natürlich entsprechend beschneiden und den Transportweg absichern. Auf unserem HTTP-Proxy-Host legen wir hierzu eine passende vHOST-Konfigurationsdatei an.
 +   # vim /etc/httpd/conf.d/3rd_power.conf
 +<file apache /etc/httpd/conf.d/3rd_power.conf>#
 +# Django : 2015-10-29
 +#          vHost power
 +#
 +
 +# Variablen der Hostvariablen
 +Define vhost power
 +Define errors_log logs/${vhost}_error.log
 +Define access_log logs/${vhost}_access.log
 +Define ssl_log logs/${vhost}_ssl_request.log
 +
 +<VirtualHost 10.0.0.97:80>
 +    ServerAdmin webmaster@nausch.org
 +    ServerName ${vhost}.nausch.org
 +
 +    RewriteEngine on
 +    RewriteCond %{HTTPS} off
 +    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 +
 +    # Welche Logdateien sollen beschrieben werden
 +    SetEnvIf Remote_Addr "10\.0\.0\.20" dontlog
 +    ErrorLog  ${errors_log}
 +    CustomLog ${access_log} combined env=!dontlog
 +</VirtualHost>
 +<VirtualHost 10.0.0.97:443>
 +    ServerAdmin webmaster@nausch.org
 +    ServerName ${vhost}.nausch.org
 +    ServerPath /
 +
 +    # Wer soll Zugriff auf die Webseite(n) bekommen?
 +    <Proxy *>
 +        Options +FollowSymLinks +Multiviews -Indexes
 +        AllowOverride None
 +        AuthType Basic
 +        AuthName "Fuer den Zugriff auf den Webserver bitte Anmeldedaten eingeben!"
 +        AuthBasicProvider ldap
 +        AuthLDAPUrl ldaps://openldap.dmz.nausch.org:636/ou=People,dc=nausch,dc=org?uid
 +        AuthLDAPBindDN cn=TechnischerUser,dc=nausch,dc=org
 +        AuthLDAPBindPassword "MwDWrcdRnw95zMt7A5bS/dPnEHuuO7h0"
 +        AuthLDAPBindAuthoritative on
 +        Require ldap-user django
 +    </Proxy>
 +
 +   # Welcher Inhalt soll angezeigt bzw. auf welchen Server sollen die HTTP-Requests weitergeleitet werden?
 +    ProxyRequests Off
 +    ProxyPreserveHost On
 +    ProxyPass / http://10.0.0.127/
 +    ProxyPassReverse / http://10.0.0.127/
 +
 +    # Welche Logdateien sollen beschrieben werden
 +    SetEnvIf Remote_Addr "10\.0\.0\.20" dontlog
 +    ErrorLog  ${errors_log}
 +    CustomLog ${access_log} combined env=!dontlog
 +    CustomLog ${ssl_log} "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 +
 +    # Absicherung der Übertragung mit Hilfe von TLS
 +    # Django : 2015-10-04 - TLS-Verschlüsselung mit Hilfe von mod_ssl
 +    SSLEngine on
 +    # Definition der anzubietenden Protokolle
 +    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 +    # Definition der Cipher
 +    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384
 +    # Schlüsseldatei, mit der der CSR erstellt wurde
 +    SSLCertificateKeyFile /etc/pki/tls/private/power.nausch.org.serverkey.pem
 +    # Zertifikatsdatei, die von der CA signiert wurde
 +    SSLCertificateFile /etc/pki/tls/certs/power.nausch.org.certificate_161118.pem
 +    # Zertifikatsdatei des bzw. der Intermediate-Zertifikate(s)
 +    SSLCertificateChainFile /etc/pki/tls/certs/AlphaSSL_Intermediate.certificate.pem
 +    # Änderung der Cipherorder der Clients verneinen 
 +    SSLHonorCipherOrder on
 +    # TLS 1.0 Kompremmierung deaktivieren (CRIME attacks)
 +    SSLCompression off
 +    # Online Certificate Status Protocol stapling zum Prüfen des Gültigkeitsstatus des Serverzertifikats.
 +    SSLUseStapling on
 +    SSLStaplingResponderTimeout 5
 +    SSLStaplingReturnResponderErrors off
 +
 +    # HTTP Strict Transport Security (HSTS), bei dem der Server dem Client im HTTP-Header mitteilt,
 +    # dass dieser nur noch verschlüsselt mit dem Server kommunizieren soll.
 +    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 +
 +    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
 +    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
 +    # this particular website if it was disabled by the user.
 +    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
 +    #Header set X-XSS-Protection "1; mode=block"
 +    Header always set X-Xss-Protection "1; mode=block"
 +
 +    # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
 +    # to disable content-type sniffing on some browsers.
 +    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
 +    # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
 +    # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
 +    # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
 +    # Sofern die Datei auch den entsprechenden MIME-Typ "text/css" entspricht, soll der Browser 
 +    # CSS-Dateien nur als CSS interprätieren.
 +    Header always set X-Content-Type-Options nosniff
 +
 +    # config to don't allow the browser to render the page inside an frame or iframe
 +    # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
 +    # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
 +    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
 +    ###header set X-Frame-Options SAMEORIGIN
 +    header always set X-Frame-Options DENY
 +
 +    # hide server header (apache and php version)
 +    Header always unset Server
 +
 +    # Only allow JavaScript from the same domain to be run.
 +    # don't allow inline JavaScript to run.
 +    Header always set X-Content-Security-Policy "allow 'self';"
 +
 +    # Add Secure and HTTP only attributes to cookies
 +    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
 +
 +    # prevent Clickjacking Attack
 +    #Header always append X-Frame-Options SAMEORIGIN
 +    Header always set X-Frame-Options "SAMEORIGIN"
 +
 +    # hkpk-stuff
 +    Header always set Public-Key-Pins "pin-sha256=\"nMiOpb6vUnjCoWCkPkDaG4ND8SNWzFTsQf2ZfruLno0=\"; pin-sha256=\"INhxSQ38nCS6ijaAAyo4xAhAZj9xeL3Xaak+GGiM2fo=\"; max-age=2592000; report-uri=\"https://nausch.report-uri.io/r/default/hpkp/enforce\""
 +</VirtualHost></file>
 +
 +Bevor wir zur Aktivierung unserer Konfigurationsänderungen den bzw. die HTTP-Daemon einmal durchstarten überprüfen wir unsere Apache-Konfigurationsdateien auf syntaktische Fehler.
 +   # apachectl -t
 +
 +  Syntax OK
 +
 +Ist alles O.K. starten wir den/die Daemon nun einmal neu.
 +   # systemctl restart httpd.service
 +
 +<html><pre class="code">
 +<font style="color: rgb(0, 255, 0)"><b>● </b></font><font style="color: rgb(0, 0, 0)">httpd.service - The Apache HTTP Server
 +   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
 +   Active: <font style="color: rgb(0, 255, 0)"><b>active (running) </b></font><font style="color: rgb(0, 0, 0)"> since Mon 2017-01-09 11:03:23 CET; 48s ago
 +     Docs: man:httpd(8)
 +           man:apachectl(8)
 +  Process: 11642 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 + Main PID: 11647 (httpd)
 +   Status: "Total requests: 2; Current requests/sec: 0.1; Current traffic: 307 B/sec"
 +   CGroup: /system.slice/httpd.service
 +           ├─11647 /usr/sbin/httpd -DFOREGROUND
 +           ├─11648 /usr/sbin/httpd -DFOREGROUND
 +           ├─11649 /usr/sbin/httpd -DFOREGROUND
 +           ├─11650 /usr/sbin/httpd -DFOREGROUND
 +           ├─11651 /usr/sbin/httpd -DFOREGROUND
 +           ├─11652 /usr/sbin/httpd -DFOREGROUND
 +           └─11699 /usr/sbin/httpd -DFOREGROUND
 +
 +Jan 09 11:03:23 vml000127.dmz.nausch.org systemd[1]: Starting The Apache HTTP Server...
 +Jan 09 11:03:23 vml000127.dmz.nausch.org systemd[1]: Started The Apache HTTP Server.</font>
 +</pre></html>
 +
 +Nun starten wir einen Browser und öffnen die zugehörige URL.
 +   $ konqueror http://power.nausch.org
 +
 +Im ersten Bild sehen wir die Startseite der WEB-GUI.
 +
 +{{ :centos:apcupsd-cgi-01.png?direct&800 |BILD: WEB GUI des APCUPS-Daemon}}
 +
 +Das zweite Bild zeigt die Übersicht zu den aktuellen Stati unserer USV.
 +
 +{{ :centos:apcupsd-cgi-02.png?direct&800 |BILD: WEB GUI des APCUPS-Daemon}}
 +
 +Eine Ansicht aller Detailangaben zeigt das dritte Bild.
 +
 +{{ :centos:apcupsd-cgi-03.png?direct&800 |BILD: WEB GUI des APCUPS-Daemon}}
 +
 +====== Links ======
 +  * **[[wiki:start| ⇐ Zurück zu Projekte und Themenkapitel]]**
 +  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
 +
 +
 +
 +
  • centos/apc.1483834754.txt.gz
  • Zuletzt geändert: 08.01.2017 00:19.
  • von django