Trying to understand SSL sticky with CSS 11506 / ssl-l4-fallback behavior

Dear experts
I have a CSS 11506 (v7.50) which is used to load balance several SSL-based sites. We use the following textbook content rule:
content mysite-SSL
vip address 10.0.0.1
add service s01
add service s02
add service s03
port 443
protocol tcp
advanced-balance ssl
application ssl
flow-timeout-multiplier 225
active
If I read the manual correctly, SSL L3 session IDs are going to be used till a flow is set up. Then the ssl-l4-fallback (it is enabled) directive kicks in and load balancing is done based on the source IP, destination port.
However, my stats show:
Sticky Statistics - SFM Slot 1, Subslot 1:
Total number of new sticky entries is 4937735
Total number of sticky table hits is 33476045
Total number of sticky rejects (no entry) is 0
Total number of sticky collision is 0
Total number of available sticky entries is 0
Total number of used sticky entries is 131071
Total L3 sticky entries are 131
Total L4 sticky entries are 0
Total SSL sticky entries are 130940
Total WAP sticky entries are 0
Total number of SIPCID sticky entries is 0
So, why don't I see anything in the L4 sticky entries?
Also, I would expect that once the ssl-l4-fallback kicks in, a client will be always directed to the same server (since the CSS uses now source IP, dest port for load balancing). However, if I close and start again my browser I hit a different server.
Your thoughts and suggestions are highly appreciated.
John.

Hi Gilles
Thank you for your response. If I may ask the group for a final further clarification, so as to put this matter to rest. Since there are a lot of frames transmitted in either direction, I would expect the following to be happening and overriding the use of SSLv3 session IDs. Following is the section of the manual that seems to contradict what you say (and I see on the stats). Am I reading the manual wrong?
"Cisco Content Services Switch
Content Load-Balancing
Configuration Guide
Software Version 8.20
November 2006
page 11-14
Configuring SSL-Layer 4 Fallback
Insertion of the Layer 4 hash value into the sticky table occurs when more than
three frames are transmitted in either direction (client-to-server, server-to-client)
or if SSL version 2 is in use on the network. If either condition occurs, the CSS
inserts the Layer 4 hash value into the sticky table, overriding the further use of
the SSL version 3 session ID."

Similar Messages

HTTPS ans SSL with CSS (No SSL Module)

Hi,
My customers have two server and need to load balance.
These servers initiate SSL.
and VIP address is :
https://erpappl.erp.mis.blabla.tgc:8005
My CSS has no ssl module. An dconfiguration is:
service venice
ip address 10.200.104.32
protocol tcp
port 8005
keepalive type tcp
keepalive port 8005
redundant-index 120
active
service calgary
ip address 10.200.104.33
protocol tcp
port 8005
keepalive type tcp
keepalive port 8005
redundant-index 121
active
owner ERPAPPL
content erpapp_test
add service venice
add service calgary
redundant-index 60
vip address 10.200.104.28
protocol tcp
port 8005
url "/*"
arrowpoint-cookie expiration 00:00:03:00
advanced-balance arrowpoint-cookie
application ssl
active
After this configuration I cannot reach the URL shown above.
Can you help me?

if this is encrypted traffic [HTTPS] the CSS can't see the content of the packet.
So the CSS can't see the url [-> so the command url "/*" is incorrtect and should be removed] and the CSS can't see cookies [so the arrowpoint-cookie command is wrong and should be removed].
If we sell an SSL module, there is a reason :-)
The only sticky option you can use are :
- sticky based on srcip
- sticky on sslid
The first option [srcip] has a problem with mega proxy [many users being nated with the same ip] and the 2nd option has the problem that it only works with SSLV2 and that some browsers do not use the sslid.
Gilles.

Trying to understand library management with Premiere

So, I think I'm missing the forest for the trees here but I appreciate the help.
I'm migrating from FCPX to Premiere Pro. I am used to the idea of a library with my videos that I can categorize, tag and prune. This library is not part of any project but when I make projects I can draw upon it.
Now I want to take all my clips and organize them in "the premiere way" whatever that is. But When I open prelude it wants me to make a project. I'm not sure what for as I'm not planning any particular cut right now. All I want is to organize and view my clips and generally rebuild my library.
How should I do this? Or should I just forget this concept, make some folders with my clips on an HD and then wait until i'm making a video of some sort?
Thanks!
Jordan

Coming from a pro stills background, we've got 'archives' here of thousands of images. Catalogued & etc. some, older ones sadly stored but not catalogued. So I know what you're wanting ... a decently searchable & usable library of visual assets, grab what you want for any project.
Um ... though Adobe's made Lightroom into a nearly decent Digital Asset Management program, and supposedly Prelude is the rough equivalent video-wise, they've not actually made it into a DAM program. For some weird reason I cannot fathom. I've had contact with staffers through the Prelude forum, and they're very interested in hearing ideas on DAM set-up for their program, note they probably should have taken that into heart when starting the initial design, continue by noting that actually making it DAM-sort-of would involve a major change in several areas of code design ... and suggest I put in the ol' feature-request forms. Which I have.
So at the moment the 'best' cataloging program for Adobe is ... Lr ... which has some ability to look at & read video files, almost no ability to do much with them, but some ability to track & catalog 'em.
Not the ideal situation I'd like ... to be very, very polite & understated. Which of course, I always am ...

Trying to understand Text Filters with "contain"?

I setup a text filter with the option of "contain" or "contains all" and a filter value of "Scouts" yet I get numerous pictures that don't match this? For example the following picture with these keywords, "band, Flutes, Matthew Leach, ZORK", come back from the filter request.
If I switch to "contains words" then the filter appears to work as suspected.
This is version 2.6.
David

David, this does seem anomalous. Are you sure that you have cleared the value field? Have you selected the correct Folder for searching? I cannot see how images not containing the search term in the chosen field are returned.
Try a simple experiment. Select a folder, any folder; select one image and examine the keywords. Copy one of those keywords and search the whole folder for that term. Pictures with that keyword should appear. Check randomly to confirm the presence of the search term. If that works, your technique is OK.
Select 'none' in the search panel and start again with a folder known to contain 'scouts' and choose 'select'. You don't need to use 'select all' unless you include more than one search term. Hope this helps.
David

CSS - SSL Stickiness

Gilles,
Could you please advice the CSS content configured with stickiness SSL ID and balance method round robin is recommended configuration or not.Are there are any issues with SSL stickiness with the browsers i.e IE .
Note:- I am not using SSL Module in the CSS.
Thanks in advance...

There are two issues
Some versions of IE (5.0, 5.5 --check http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q265369) will
cause the client to change its SSL ID every 2 minutes and this will break
stickyness with application ssl and advanced balance SSL as this is layer 5
stickyness based on SSL session ID. A sniffer trace from the client will
show the ID field change.
You have to be aware that SSL stickiness will only work with SSL v3,
because it comes with the session ID not encrypted. SSL v2 comes with the session ID encrypted and you can't do stickyness
based on that version.So your appliaction servers must be using SSL v3, if you want to use SSL ID based stickiness.
Hope it helps
Syed Iftekhar Ahmed

Problem with stickiness in CSS

Hi,
I'm trying to configure a stickiness for wireless clients ( mobile phones) that accessing our sites through WAP gateway.
After doing some manual reading and some testing I created the following configuration that still doesn't work:
service server1
ip address 10.10.10.1
port 80
protocol tcp
keepalive port 80
keepalive frequency 10
keepalive uri "/heartbeat"
keepalive type http
active
service server2
ip address 10.10.10.2
port 80
protocol tcp
keepalive port 80
keepalive frequency 10
keepalive uri "/heartbeat"
keepalive type http
active
header-field-group wap
header-field 4 custom "x-up-calling-line-id" contain "34"
content http
vip address 10.10.5.10
port 80
protocol tcp
add service server1
add service server2
active
content wap
url "/*"
protocol tcp
port 80
vip address 10.10.5.10
add service server1
add service server2
advanced-balance wap-msisdn
header-field-rule wap
no persistent
active
theoretically it should check whether x-app-calling-id header contain digits 34 - in case of existence it should perform a sticky connection to the same server all the time ,if not it should go to standard http connection that is load balanced with round robbin

First of all thanks for the response.
#show rule test-1 test-wap services
The output is :
server1 6,521,242 S-1 Alive 25 HTTP-80:H 0 0
server2 5,494,544 S-1 Alive 18 HTTP-80:H 0 0
so i guess it hits the rule
I also have about 1 million hits on the http rule.
So i guess the rule is being hit but the stickiness is not working correctly.
Are there any specific commands you can recommend to troubleshoot?

CSS - 11506 - Adding New SSL Services on Single SSL Modules

Hi,
We are having one pair of CCS 11506 currently SSL services are running on slot4 with single SSL module.Now we are planning to add one more SSL application with different certificates & keys on different VIP.
Can we use the same slot4 for new application & using different certicates & keys on same SSL modules.Your reponse is appriecated

Hi Sean,
Thanks for replying back just want few clarifcations in configuration part.
1. If new vlan is given for new application then how to point routes to the new vlan as default routes to exisitng vlan is already present.
2. I've prepare sample config template with details steps & let us know will it work & if changes is required kindly let us know.
1.# ftp-record ssl_record 192.168.19.21 johndoe "abc123"
/home/johndoe
2.# copy ssl sftp ssl_record import rsacert.pem PEM "passwd123"
Connecting
Completed successfully
3.# copy ssl sftp ssl_record import rsakey.pem PEM "passwd123"
Connecting
Completed successfully
4.Enter configuration mode.
# config
(config) #
4. To use RSA public key exchange and authentication:
a. Associate the imported RSA certificate with a file.
(config) # ssl associate cert myrsacert1 rsacert.pem
b. Associate the imported RSA key pair with a file.
(config) # ssl associate rsakey myrsakey1 rsakey.pem
5. Compare the public key in the associated certificate with the public key
stored with the associated private key and verify that they are identical.
(config) # ssl verify myrsacert1 myrsakey1
Certificate mycert1 matches key mykey1
ssl associate rsakey NEWKEY newkey.pem
ssl associate cert NEWCERT newcert.pem
!************************* INTERFACE *************************
interface 3/3
description "****WEB SIDE****"
bridge vlan _ID_X.X.X.X
bridge port-fast enable
interface 3/4
bridge vlan_ID_Y.Y.Y.Y
bridge port-fast enable
description "****PIX SIDE****"
!************************** CIRCUIT **************************
circuit VLAN_ID_X
ip address A.A.A.A B.B.B.0
ip virtual-router 2 priority 101 preempt
ip redundant-interface 3 C.C.C.C
ip critical-service 3 chk-con-pix_Y.Y.Y.Y
ip critical-service 3 chk-con-web_X.X.X.X
circuit VLAN_ID_Y
ip address D.D.D.D E.E.E.0
ip virtual-router 4 priority 101 preempt
ip redundant-vip 4 F.F.F.F
ip critical-service 4 chk-con-pix_Y.Y.Y.Y
ip critical-service 4 chk-con-web_X.X.X.X
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list NEW
ssl-server 20
ssl-server 20 vip address F.F.F.F
ssl-server 20 cipher rsa-with-rc4-128-sha F.F.F.F 81
ssl-server 20 cipher rsa-with-rc4-128-md5 F.F.F.F 81
ssl-server 20 rsacert NEWCERT
ssl-server 20 rsakey NEWKEY
active
!************************** SERVICE **************************
service FRONT_SSL
type ssl-accel
slot 4
keepalive type none
add ssl-proxy-list NEW
active
service WEBSERVER-03
ip address G.G.G.G
redundant-index 3
protocol tcp
port 80
active
service WEBSERVER-04
ip address H.H.H.H
redundant-index 4
protocol tcp
port 80
active
service chk-con-pix_Y.Y.Y.Y
keepalive type script ap-kal-pinglist "N.N.N.N"
ip address J.J.J.J
keepalive frequency 2
keepalive maxfailure 2
keepalive retryperiod 2
active
service chk-con-web_X
ip address K.K.K.K
keepalive type script ap-kal-pinglist "P.P.P.P"
keepalive frequency 2
keepalive maxfailure 2
keepalive retryperiod 2
active
!*************************** OWNER ***************************
owner NEW
content BACKNEW_HTTP
vip address F.F.F.F
add service WEBSERVER-03
add service WEBSERVER-04
protocol tcp
port 81
url "/*"
redundant-index 5
no persistent
active
content FRONTENDNEW_SSL
vip address F.F.F.F
protocol tcp
port 443
application ssl
add service FRONT_SSL
active
content NEW
url "//www.ABC.com/*"
vip address F.F.F.F
protocol tcp
port 80
redundant-index 4
redirect "https://ABC.com"
active
your reply on this would be highly appericated.

Trying to do this cool hover effect with CSS only...

I've got 'img' thumbnails that are sometimes positioned
absolutely,
sometimes relatively, but aren't individually contained in
anything, like so
<a href="#">
<img src="image1.png" width="100" height="150" border="0"
class="tn" />
</a>
<a href="#">
<img src="image2.png" width="100" height="150" border="0"
class="tn" />
</a>
Now, I've already brought up the limitations of PNG on IE
(namely, even if
you "fix" PNG support on IE, IE will flatten your alpha
channels and strip
the individual pixels' transparency levels before overriding
them with a
single common attribute). This limitation makes it impossible
for me to do a
simple 90%-to-100% hover effect to "highlight" the thumbnail
on mouseover.
Micha recommended placing normal a highlighted versions of
the same
thumbnail inside and outside the viewport, and swapping them
on mouseover.
However, that would double the amount of image data being
sent to the user.
So what I thought to do, instead, is superpose a standalone
PNG of a small
spotlight, OVER the original thumbnail, on hover. Because it
would be the
same PNG being superposed over each thumb being hovered over,
the amount of
image data being sent to the user wouldn't be all that
different.
Would I need javascript for this, or can it be done with CSS
only?
Again, it would be the same spotlight.png file being
superposed on images on
mouseover, and it wouldn't be a big deal if the image bled
over surrounding
images (it would actually make it look more real).
Thanks.

say wha???
--Nancy O.
Alt-Web Design & Publishing
www.alt-web.com
"Murray *ACE*" <[email protected]> wrote
in message
news:[email protected]...
> Nobody can disagree with that analysis, but a LOADING
page would do
nothing
> to help with this, doncha know?
>
> --
> Murray --- ICQ 71997575
> Adobe Community Expert
> (If you *MUST* email me, don't LAUGH when you do so!)
> ==================
>
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
>
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
> ==================
>
>
> "Nancy O" <[email protected]> wrote in
message
> news:[email protected]...
> > Sprite images are a tad smaller in filesize than
the sum of their
> > individual
> > parts. As you say, Murray, it's marginal. But the
real *efficiency*
> > comes
> > from fewer server requests to load multiple images.
Once the sprite has
> > loaded, there is no perceivable delay on hover - as
there often is with
> > conventional image swapping. Finally, since the
substitution effect is
> > pure
> > CSS, there's no need for JavaScripts which can add
weight to a page.
> >
> >
> > --Nancy O.
> > Alt-Web Design & Publishing
> > www.alt-web.com
> >
> >
> > "Murray *ACE*"
<[email protected]> wrote in message
> > news:[email protected]...
> >> By their nature, sprites are larger
dimensionally than the individual
> >> images, so the savings would be marginal, I
think. What I mean by that
> >> is
> > a
> >> simple rollover sprite would be the same size
as the combined up and
over
> >> images, placed adjacent to each other, no?
> >>
> >> --
> >> Murray --- ICQ 71997575
> >> Adobe Community Expert
> >> (If you *MUST* email me, don't LAUGH when you
do so!)
> >> ==================
> >>
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
> >>
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
> >> ==================
> >>
> >>
> >> "Nancy O" <[email protected]>
wrote in message
> >> news:[email protected]...
> >> >< Micha recommended placing normal &
highlighted versions of the same
> >> > thumbnail inside and outside the viewport,
and swapping them on
> > mouseover.
> >> > However, that would double the amount of
image data being sent to the
> >> > user.>
> >> >
> >> > Not if you use a sprite. Have a look at
this CSS Sprite Demo.
> >> >
http://alt-web.com/CSS-Sprite-Demo.html
> >> >
> >> >
> >> > --Nancy O.
> >> > Alt-Web Design & Publishing
> >> > www.alt-web.com
> >> >
> >> >
> >> >
> >> > "Mike" <[email protected]> wrote in
message
> >> > news:[email protected]...
> >> >> I've got 'img' thumbnails that are
sometimes positioned absolutely,
> >> >> sometimes relatively, but aren't
individually contained in anything,
> > like
> >> > so
> >> >> :
> >> >>
> >> >> <a href="#">
> >> >> <img src="image1.png" width="100"
height="150" border="0"
class="tn"
> > />
> >> >> </a>
> >> >> <a href="#">
> >> >> <img src="image2.png" width="100"
height="150" border="0"
class="tn"
> > />
> >> >> </a>
> >> >>
> >> >> Now, I've already brought up the
limitations of PNG on IE (namely,
> >> >> even
> >> >> if
> >> >> you "fix" PNG support on IE, IE will
flatten your alpha channels and
> >> >> strip
> >> >> the individual pixels' transparency
levels before overriding them
with
> > a
> >> >> single common attribute). This
limitation makes it impossible for me
> >> >> to
> >> >> do
> >> > a
> >> >> simple 90%-to-100% hover effect to
"highlight" the thumbnail on
> >> >> mouseover.
> >> >>
> >> >> Micha recommended placing normal a
highlighted versions of the same
> >> >> thumbnail inside and outside the
viewport, and swapping them on
> >> >> mouseover.
> >> >> However, that would double the amount
of image data being sent to
the
> >> > user.
> >> >>
> >> >> So what I thought to do, instead, is
superpose a standalone PNG of a
> >> >> small
> >> >> spotlight, OVER the original
thumbnail, on hover. Because it would
be
> > the
> >> >> same PNG being superposed over each
thumb being hovered over, the
> > amount
> >> > of
> >> >> image data being sent to the user
wouldn't be all that different.
> >> >>
> >> >> Would I need javascript for this, or
can it be done with CSS only?
> >> >>
> >> >> Again, it would be the same
spotlight.png file being superposed on
> > images
> >> > on
> >> >> mouseover, and it wouldn't be a big
deal if the image bled over
> >> > surrounding
> >> >> images (it would actually make it look
more real).
> >> >>
> >> >> Thanks.
> >> >>
> >> >>
> >> >
> >> >
> >>
> >
> >
>

Load Balancing with a CSM & SSL Module

I'm trying to understand the best way to balance traffic to two servers when decrypting and re-encrypting with the CSM and an SSL module. I take the SSL traffic hitting the first CSM VIP and forward to the SSL module for decryption. Send the decrypted traffic back to another VIP on the CSM. Send the traffic to the client proxy VIP on the SSL which encrypts the traffic and forwards to the CSM VIP. That final VIP passes the traffic to the serverfarm containing the actual servers. How do I make sure the traffic is balanced between the final VIP and my servers. It seems that sticking on SSL session ID is the only way to go at that point which made decryption pointless. I feel like I'm missing something basic here.
Thanks..

Hi David,
Here find some full config example for your perusal for CSM and SSL Services Module Initial Configuration Example
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a0080216c16.shtml
2nd config example to Configuring CSM to Load Balance SSL to a Farm of SCAs for One-Armed Proxy Mode
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00801aca55.shtml
Sachin garg

Can this be done with css rollovers?

Hi,
I'm using Dreamweaver CS4 on a Windows PC. I understand the basics of css rollovers where you change the background image position up or down but the text used will still end up being a common font that will suit every pc. What I'd like to do is use an uncommon font in my navigation bar. I made an image in photoshop that had two versions of a word like home for example one on top of the other like you would for a css rollover but once I created a link I had the link color border around the image, so it didn't work. Here is a link to a website that is similar to what I'm trying to do http://www.inksmithtattoo.com/. Look at the navigation, can this be done using css rollovers? If not how do you think it was done? Is there a way to use uncommon fonts in a navigation bar? I even did some research on using Dreamweavers hotspot function but found that there were issues in using it for navigation. I'm getting pretty familar with Dreamweaver but I'm not that good at coding so if anyone does have any ideas please include some keywords that I can google and read more about what your trying to say, links to the info would be even better but I realize that if your as busy as I am you can't take that kind of time.
Any ideas or help will be greatly appreciated.
Thank you to all, dluthier

That site is using images only. It is not a text based link:
here is the css they are using:
#navAbout a {
-moz-background-clip:border;
-moz-background-inline-policy:continuous;
-moz-background-origin:padding;
background:transparent url(../_img/navAbout-Home.gif) no-repeat scroll 0 0;
left:473px;
top:318px;
As you can see it is an image only. See the attachment with this post. Also since it is a background image it won't show up if you right click on the so seemed text
Please install firebug or webdeveloper plugin if on Firefox and you will be able to inspect the elements and know what exactly they are.
Hope it helps
Regards,
Vinay

Can I do this with CSS?

I’m trying to figure out how to do this with css. Is it
possible?
I am using a .container to display a bottom image, .container
p to display right/left borders, & .container h2 to display top
image. I have a image floated w/in the <p> and I’d like
to have a list of links to the left of the image and <p>
element. (I’ve moved the <p> over using padding-left of
155px.
See the grey box
http://cellocelli.com/test2.htm
Is it possible to include a list of link within that area
left of the picture & text using css?

sorry, i don't understand the question.
I took a look at your page code and was a bit disturbed with
all the IE conditional comments.
Although it's not relatited to your question, if you need so
many conditional comments you're doing
something wrong.
Then are you saying you placed an image in an h2 tag?
Why not style the image itself instead of an h2 tag (and not
place the image in a tag)?...
derek jee wrote:
> I?m trying to figure out how to do this with css. Is it
possible?
>
> I am using a .container to display a bottom image,
.container p to display
> right/left borders, & .container h2 to display top
image. I have a image
> floated w/in the <p> and I?d like to have a list
of links to the left of the
> image and <p> element. (I?ve moved the <p>
over using padding-left of 155px.
> See the grey box
http://cellocelli.com/test2.htm
> Is it possible to include a list of link within that
area left of the picture
> & text using css?
>
>
> .containerBottom {
> width: 520px;
> float: left;
> background-color: #758279;
> background-image:url(../Images/BkGrd/bg_bottom.gif);
> background-repeat: no-repeat; background-position:
bottom;
> margin-bottom: 20px;
> }
>
> .containerBottom p {
> font: normal 1.2em Verdana;
> line-height:150%;
> color: #fff;
> margin:0px;
> padding: 5px 10px 5px 155px;
> border-left: 1px solid #333; border-right: 1px solid
#333;
> }
>
> .containerBottom h2 {
> color:#fff;
> font-size: 1.3em;
> padding: 15px 14px 15px 12px;
> margin: 0px;
> text-align: left;
> background-image:url(../Images/BkGrd/bg_top.gif);
> background-repeat: no-repeat; background-position: right
top;
> }
>
> .containerImage {
> margin-right: 13px;
> margin-bottom: 4px;
> float:left;
> background-color:#CCCCCC;
> outline:1px solid #000;
> }
>
seb ( [email protected])
http://webtrans1.com | high-end web
design
An Ingenious WebSite Builder:
http://sitelander.com

Help with CSS Page Layout

I guess I am "old school" in that I have always used tables
to lay out my web pages. I decided I must learn to do it with CSS,
but I'm having a terrible time (and it shouldn't be so hard!). I
understand how to define the styles, add divs, etc. Here's what I'm
having trouble with:
How do I specify the normal page width to be 800 pixels,
however I want it to be relative to the browser (i.e., 100% of 800
pixels).
I understand the "float" tag, but if I have a right-hand
sidebar, I can't seem to get the text to the left (in a div called
"maincontent") to stop at the sidebar and wrap to the next line. I
tried specifying "Hidden" as my textbook suggests, but that has no
effect.
I can easily do all of this with tables, so do I really need
to abandon them?
Thanks!

Hi Jane,
I'll try to answer all your questions, then a tip or two to
stop the main
content from dropping when the browser window size is
reduced.
- " I didn't realize that
margin-top: 0px;
margin-right: auto;
is not the same as margin: 0px auto;
That's right.
margin: 0px auto; is actaully saying make the top margin 0,
the right margin
auto, the bottom margin 0 and the left margin auto.
It's just CSS shorthand.
For example, you might have:
margin-top: 10px;
margin-right: 20px;
margin-bottom: 5px;
margin-left:15px;
You could just use margin: {10px 20px 5px 15px;}
Think of a clock to remember the directions.
12:00 top, 3:00 right, 6:00 bottom, 9:00 left.
If any of the values are the same, you can shorten it more.
For example, if top is 10, right is 20, bottom is 5 and left
is 20, it's
margin: {10px 20px 5px;}
If the 4th location (left) is missing a value, it makes it
the same as what
you have for right.
If top and bottom are 10px, and left and right are 20px,
it's:
margin {10px 20px;}
If the last two positions ( bottom and left vlaues ) are
missing, then it
will use the top value for the bottom, and the right value
for the left.
What auto right and left is doing is subtracting your content
width (the
container width) from the browser window width, and then
dividing the
remainder in 2 and applying each value to each side of the
container.
-"I found that they all took on the font of the maincontent
and I had to fix
them
individually. "
The only text that should be Time is the text in your main
content, where
you have that font defined. Everything else should be Arial
if you define
the body as such. I'll post a link at the end of this.
- "I put my bold sentence (Friendship, Fun, etc.) in h1, but
I had to change
the
color & size, so that added another style element. "
You don't need to give the h1 a class. You can actually just
style the h1
tag:
h1 {
margin: 10px 10px 2px;
font-size: larger;
color: #941238;
You can only use h1 once on a page.
You can use h2, h3, h4, etc, as many times as you would like,
and you can
style these just like the h1 style above.
- "I don't quite understand the .rightsidebar p { and
container p{
I am assigning the spacing to the <p> tag? What exactly
is that doing?"
That is saying, give all the <p> tags inside the
rightsidebar container the
follwing style.
So, in this example:
.rightsidebar p {
font-size: 18px;
margin: 2px 10px;
it's saying give all the <p> tags in this container a
size of 18 and margin
of 2px top and bottom, and 10px left and right.
It's a lot easier than giving a class to every <p> tag
- "I also don't quite understand the .clear {
Why not just choose clear:both on the next section <div
class="footer">"
You could, if the footer was in the container. It just needs
to be the final
element before the close of a container that contains the
float(s).
-Do you use the <div class="container"> technique all
the time?
Yes, most of the time. I usually put everything in it, and
use the
margin:0px auto; to center it.
That way, I don't have to try to get a number of different
elements to align
with the right and left sides by applying values to all of
them, which can
get tricky quickly.
-"If you'll indulge me one more question, I wonder if it's
possible to put a
graphic (say, of a putting green) underneath my
rightsidebar? I would want
the sidebar to lay on top of the putting green for an
interesting artistic
touch.
Yes, you can give that div a background image. You just need
to make the div
the same size as the image so you see it all (or vice-versa).
Now, to make that maincontent not drop like it does you can
remove the width
in the CSS. Now it will expand over to the left edge of the
rightsidebar.
You can control how close it gets by giving the right sidebar
a bigger left
margin. The point is, with no width assigned, the maincontent
will shrink
down to the longest word in it before it drops.
Here's what it looks like:
http://tnsgraphics.com/test2.htm
Let me know if you have any questions.
Take care,
Tim
"janeinpa" <[email protected]> wrote in
message
news:[email protected]...
> Hi, Tim...
>
> You have been very kind to help me learn CSS! I very
much appreciate it
> and
> am really delighted to have gained a better
understanding of this. I
> studied
> all your suggestions and started the page from scratch.
Take a look here:
>
http://www.allisonwebcreations.com/ewga_site/good_page/indexgood.htm
I'm
> very
> pleased with it. I discovered a couple of things:
>
> I didn't realize that
> margin-top: 0px;
> margin-right: auto;
>
> is not the same as margin: 0px auto;
>
> are they two different codes? Anyway, it didn't center
until I fixed
> that.
>
> I understand what you're saying about the font codes
being redundant,
> however
> I found that they all took on the font of the
maincontent and I had to fix
> them
> individually. This must be an error in how I'm coding
it. Is the order
> in
> which I did them to blame? I put it in the order that
I'm reading it, but
> perhaps I should do it differently.
>
> I also couldn't get the footer to move left to the
margin. I'm not sure
> why,
> since I think I followed all your suggestions.
>
> I put my bold sentence (Friendship, Fun, etc.) in h1,
but I had to change
> the
> color & size, so that added another style element.
I'm afraid that
> probably
> isn't correct. I also couldn't have my normal content
text follow
> immediately
> on the same line. Maybe that isn't possible.
>
> I don't quite understand the .rightsidebar p { and
container p{
> I am assigning the spacing to the <p> tag? What
exactly is that doing?
>
> I also don't quite understand the .clear {
> Why not just choose clear:both on the next section
<div class="footer"> ?
>
> Do you use the <div class="container"> technique
all the time? How do you
> decide what goes in it -- just floating items or can I
think of it as a
> table
> that holds all my main blocks of info? Why not include
the footer in it?
>
> If you'll indulge me one more question, I wonder if it's
possible to put a
> graphic (say, of a putting green) underneath my
rightsidebar? I would
> want the
> sidebar to lay on top of the putting green for an
interesting artistic
> touch.
>
> Thank you, thank you, thank you again. Here are my css
codes (which I
> have in
> an external file. Is it better to import or link to the
file?)
>
> Have a wonderful New Year.
>
>
>
>
>
>
> .body {
> padding: 0px;
> margin-top: 0px;
> font-family: Arial, Helvetica, sans-serif;
> }
> .masthead {
> width: 780px;
> margin: 0px auto;
> padding-top: 10px;
> padding-right: 0px;
> }
> .maincontent {
> background-color: #FFFFFF;
> text-align: left;
> width: 60%;
> margin-top: 0px;
> padding-top: 10px;
> padding-right: 0px;
> font-family: "Times New Roman", Times, serif;
> font-size: medium;
> color: #000000;
> }
> .maincontent p{
> margin-top: 2px;
> margin-right: 10px;
>
> }
> .rightsidebar {
> font-size: small;
> background-color: #DEEBE4;
> text-align: center;
> float: right;
> width: 250px;
> margin-top: 10px;
> margin-left: 20px;
> border: thick solid #941238;
> font-family: Arial, Helvetica, sans-serif;
> padding: 10px;
>
> }
> .leftbox {
> font-size: small;
> font-style: italic;
> color: #336600;
> background-color: #DEEBE4;
> text-align: center;
> clear: both;
> width: 300px;
> margin-top: 50px;
> border: thin solid #941238;
> font-family: Arial, Helvetica, sans-serif;
> padding: 10px;
> }
> .footer {
> font-size: small;
> margin: 100px;
> font-family: Geneva, Arial, Helvetica, sans-serif;
> font-style: normal;
> }
> .container {
> width: 90%;
> margin: 0px auto;
> }
> .clear {
> font-size: 1px;
> line-height: 0px;
> clear: both;
> height: 0px;
> }
> .event {
> font-size: 24px;
> font-weight: bold;
> color: #00493E;
> }
> .upcomingdate {
> font-size: 20px;
> color: #990134;
> font-weight: bold;
> font-family: Arial, Helvetica, sans-serif;
> }
>
> .eventitem {
> font-size: 18px;
> color: #000000;
> font-weight: bold;
> margin: 0px;
> }
> .eventlink {
> font-size: 14px;
> font-style: italic;
> margin: 0px;
> }
> .smallboxhead {
> font-size: large;
> color: #00493E;
> font-style: normal;
> font-weight: bold;
> }
> .companyname {
> font-family: Verdana, Arial, Helvetica, sans-serif;
> font-size: small;
> font-style: italic;
> color: 990134;
> }
>

SSL Sticky feature...

We were trying SSL Sticky feature with two real http servers and it
does not seem to work..
When i configure ssl sticky for the https VIP, it apparently, sticks
the connection to the first leg i.e, the SSL Termination. However, the
second leg i.e, the decrypted session between the SSL card and real
server are not sticking together.. I am not
sure if this is supported in the first place.., Can someone confirm this please..? and you if you have some working configuration, please share..

Btw, I am looking for a CSM-S config, but a CSM with SSLM config will help as well..
Thanks

How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
DVD>Disk Utility>Erase Disk [or Recovery Partition>Disk Utility>Erase Partition]
DVD>Install Lion
Reboot, hopefully Lion install kicks in
Update, update, update Lion (NOT Lion Server yet) until no more updates
System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
Terminal>$ sudo scutil --set HostName server.domain.com
App Store>Install Lion Server and run through the Setup
Download install Server Admin Tools, then update, update, update until no more updates
Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
A few DNS set-up steps and these most important steps:
A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
I. Test from web browser server.domain.com/mydevices: Lock Device to test
J. ??? Profit
12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
Firewall
Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
SSH
Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
client$ ssh-keygen -t rsa -b 2048 -C client_name
[Securely copy ~/.ssh/id_rsa.pub from client to server.]
server$ cat id_rsa.pub > ~/.ssh/known_hosts
I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
$ diff denyhosts.cfg-dist denyhosts.cfg
12c12
< SECURE_LOG = /var/log/secure
> #SECURE_LOG = /var/log/secure
22a23
> SECURE_LOG = /var/log/secure.log
34c35
< HOSTS_DENY = /etc/hosts.deny
> #HOSTS_DENY = /etc/hosts.deny
40a42,44
> #
> # Mac OS X Lion Server
> HOSTS_DENY = /private/etc/hosts.deny
195c199
< LOCK_FILE = /var/lock/subsys/denyhosts
> #LOCK_FILE = /var/lock/subsys/denyhosts
202a207,208
> LOCK_FILE = /var/denyhosts/denyhosts.pid
> #
219c225
< ADMIN_EMAIL =
> ADMIN_EMAIL = [email protected]
286c292
< #SYSLOG_REPORT=YES
> SYSLOG_REPORT=YES
Network Accounts
User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
     User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
Oh well.
Email
Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
root:           myname
admin:          myname
sysadmin:       myname
certadmin:      myname
webmaster:      myname
my_alternate:   myname
Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
cd /etc/postfix
sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
sudo serveradmin stop mail
sudo serveradmin start mail
Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
iCal Server
Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
Web
The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
$ diff httpd.conf.default httpd.conf
95c95
< #LoadModule ssl_module libexec/apache2/mod_ssl.so
> LoadModule ssl_module libexec/apache2/mod_ssl.so
111c111
< #LoadModule php5_module libexec/apache2/libphp5.so
> LoadModule php5_module libexec/apache2/libphp5.so
139,140c139,140
< #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
< #LoadModule encoding_module libexec/apache2/mod_encoding.so
> LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
> LoadModule encoding_module libexec/apache2/mod_encoding.so
146c146
< #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
> LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
177c177
< ServerAdmin [email protected]
> ServerAdmin [email protected]
186c186
< #ServerName www.example.com:80
> ServerName domain.com:443
677a678,680
> # Server-specific configuration
> # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
> Include /etc/apache2/mydomain/*.conf
I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
Alias /eyetv /Users/uname/Sites/EyeTV
<Directory "/Users/uname/Sites/EyeTV">
    AuthType Digest
    AuthName "EyeTV"
    AuthUserFile /Users/uname/.htdigest
    AuthGroupFile /dev/null
    Require user uname
    Options Indexes MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
<Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
    AuthType Digest
    AuthName "EyeTV"
    AuthUserFile /Users/uname/.htdigest
    AuthGroupFile /dev/null
    Require user uname
    Options Indexes MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
User-agent: *
Disallow: /
Misc
VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

Privacy Enhancing Filtering Proxy and SSH Tunnel
Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
$ ./ssht 8080:[email protected]:3128
$ ./ssht 8080:alice@:
$ ./ssht 8080:
$ ./ssht 8018::8123
$ ./ssht 5901::5900 [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
$ vi ./ssht
#!/bin/sh
# SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
USERNAME_DEFAULT=username
HOSTNAME_DEFAULT=domain.com
SSHPORT_DEFAULT=22
# SSH port forwarding specs, e.g. 8080:localhost:3128
LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
REMOTEHOST_DEFAULT=localhost    # Default is localhost
REMOTEPORT_DEFAULT=3128         # Default is Squid port
# Parse ssh port and tunnel details if specified
SSHPORT=$SSHPORT_DEFAULT
TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
while [ "$1" != "" ]
do
case $1
in
    -p) shift;                  # -p option
        SSHPORT=$1;
        shift;;
     *) TUNNEL_DETAILS=$1;      # 1st argument option
        shift;;
esac
done
# Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
shopt -s extglob                        # needed for +(pattern) syntax; man sh
LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
USERNAME=$USERNAME_DEFAULT
HOSTNAME=$HOSTNAME_DEFAULT
REMOTEHOST=$REMOTEHOST_DEFAULT
REMOTEPORT=$REMOTEPORT_DEFAULT
# LOCALHOSTPORT
CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
CAR=${CAR%:}                            # delete :
if [ "$CAR" != "" ]                     # leading or trailing port specified
then
    LOCALHOSTPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEPORT
CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
CAR=${CAR#:}                            # delete :
if [ "$CAR" != "" ]                     # leading or trailing port specified
then
    REMOTEPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEHOST
CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
CAR=${CAR#:}                            # delete :
if [ "$CAR" != "" ]                     # leading or trailing port specified
then
    REMOTEHOST=$CAR
fi
TUNNEL_DETAILS=$CDR
# USERNAME
CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
CAR=${CAR%@}                            # delete @
if [ "$CAR" != "" ]                     # leading or trailing port specified
then
    USERNAME=$CAR
fi
TUNNEL_DETAILS=$CDR
# HOSTNAME
HOSTNAME=$TUNNEL_DETAILS
if [ "$HOSTNAME" == "" ]                # no hostname given
then
    HOSTNAME=$HOSTNAME_DEFAULT
fi
ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
    && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
    || echo "SSH tunnel FAIL."

Hello, World - trying to understand the steps

Hello, Experts!
I am pretty new to Flash Development, so I am trying to understand how to implement the following steps using Flash environment
http://pdfdevjunkie.host.adobe.com/00_helloWorld.shtml
Step 1: Create the top level object. Use a "Module" rather than an "Application" and implement the "acrobat.collection.INavigator" interface. The INavigator interface enables the initial hand shake with the Acrobat ActionScript API. Its only member is the set host function, which your application implements. During the initialize cycle, the Acrobat ActionScript API invokes your set host function. Your set host function then initializes itself, can add event listeners, and performs other setup tasks.Your code might look something like this.
<mx:Module xmlns:mx="http://www.adobe.com/2006/mxml" implements="acrobat.collection.INavigator" height="100%" width="100%" horizontalScrollPolicy="off" verticalScrollPolicy="off" >
Step 2: Create your user interface elements. In this example, I'm using a "DataGrid" which is overkill for a simple list but I'm going to expand on this example in the future. Also notice that I'm using "fileName" in the dataField. The "fileName" is a property of an item in the PDF Portfolio "items" collection. Later when we set the dataProvider of the DataGrid, the grid will fill with the fileNames of the files in the Portfolio.
<mx:DataGrid id="itemList" initialize="onInitialize()" width="350" rowCount="12"> <mx:columns> <mx:DataGridColumn dataField="fileName" headerText="Name"/> </mx:columns> </mx:DataGrid>
Step 3: Respond to the "initialize" event during the creation of your interface components. This is important because there is no coordination of the Flash Player's initialization of your UI components and the set host(), so these two important milestone events in your Navigator's startup phase could occur in either order. The gist of a good way to handler this race condition is to have both your INavigator.set host() implementation and your initialize() or creationComplete() handler both funnel into a common function that starts interacting with the collection only after you have a non-null host and an initialized UI. You'll see in the code samples below and in step 4, both events funnel into the "startEverything()" function. I'll duscuss that function in the 5th step.
               private function onInitialize():void { _listInitialized = true; startEverything(); }

Hello, Experts!
I am pretty new to Flash Development, so I am trying to understand how to implement the following steps using Flash environment
http://pdfdevjunkie.host.adobe.com/00_helloWorld.shtml
Step 1: Create the top level object. Use a "Module" rather than an "Application" and implement the "acrobat.collection.INavigator" interface. The INavigator interface enables the initial hand shake with the Acrobat ActionScript API. Its only member is the set host function, which your application implements. During the initialize cycle, the Acrobat ActionScript API invokes your set host function. Your set host function then initializes itself, can add event listeners, and performs other setup tasks.Your code might look something like this.
<mx:Module xmlns:mx="http://www.adobe.com/2006/mxml" implements="acrobat.collection.INavigator" height="100%" width="100%" horizontalScrollPolicy="off" verticalScrollPolicy="off" >
Step 2: Create your user interface elements. In this example, I'm using a "DataGrid" which is overkill for a simple list but I'm going to expand on this example in the future. Also notice that I'm using "fileName" in the dataField. The "fileName" is a property of an item in the PDF Portfolio "items" collection. Later when we set the dataProvider of the DataGrid, the grid will fill with the fileNames of the files in the Portfolio.
<mx:DataGrid id="itemList" initialize="onInitialize()" width="350" rowCount="12"> <mx:columns> <mx:DataGridColumn dataField="fileName" headerText="Name"/> </mx:columns> </mx:DataGrid>
Step 3: Respond to the "initialize" event during the creation of your interface components. This is important because there is no coordination of the Flash Player's initialization of your UI components and the set host(), so these two important milestone events in your Navigator's startup phase could occur in either order. The gist of a good way to handler this race condition is to have both your INavigator.set host() implementation and your initialize() or creationComplete() handler both funnel into a common function that starts interacting with the collection only after you have a non-null host and an initialized UI. You'll see in the code samples below and in step 4, both events funnel into the "startEverything()" function. I'll duscuss that function in the 5th step.
               private function onInitialize():void { _listInitialized = true; startEverything(); }

Trying to understand SSL sticky with CSS 11506 / ssl-l4-fallback behavior

Similar Messages

Maybe you are looking for