Configuring a Web Server in Apache (with practice question)

Sample Question:

What you have to do:
1. Configure a Virtual host called www.abc.com:
root directory is: /vhosts/abc_com.

  • You need to create an index.html file which will show the “welcome to www.abc.com” message.
  • You are required to configure the /vhosts directory such that users of the webdeveloper directory should be able to modify files in it. (use setfacl; it's easy, so not covered in this solution)

2. You are required to launch a PHP web application called www.xyz.com and host an index.php file in it.

  • root directory: /vhost/xyz.com
  • index.php contains:
    <?php
    echo "Welcome to www.xyz.com";
    ?>
  • you should use port 8082 to host this web site.

3. You are required to launch a Python-based web site called www.pyapp.com.

  • root directory: /vhost/pyapp
  • app.py file contains:
    def application(environ, start_response):
        status = '200 OK'
        output = 'Hello World!,welcome to Python'
        response_headers = [('Content-type', 'text/plain'),
                            ('Content-Length', str(len(output)))]
        start_response(status, response_headers)
        return [output]
  • port: 8099

4. You are required to launch www.shiba.com.np with TLS support. You may use /vhosts/abc_com as the root directory for this website. You are also required to create an intranet directory under www.abc.com which should be accessible only from your local domain (your network). Also redirect unsecure access to the website to the secure site.

Solutions

Solution question no. 1:

  • Make directory
    mkdir -p /vhosts/abc_com
    echo "Welcome to www.abc.com" > /vhosts/abc_com/index.html
  • Set the file ACL on the /vhosts directory
    setfacl -m g:webmaster:rwx /vhosts/abc_com
    setfacl -m d:g:webmaster:rwx /vhosts/abc_com
  • install httpd (if not already installed):
    yum -y install httpd
  • enable httpd service on boot startup
    systemctl enable httpd
  • start httpd service
    systemctl start httpd
  • allow HTTP through the firewall
    firewall-cmd --permanent --add-service=http
    firewall-cmd --reload
  • Change the SELinux context of the /vhosts directory, otherwise you will not be able to launch the web site from this directory. I am using the semanage-fcontext man page to do this. Note: if you forget which man page to look at, run man semanage and go to the SEE ALSO section, where you will find that semanage-fcontext is the man page for fcontext:
    man semanage-fcontext | grep semanage | grep web

    Change /web to /vhosts in the output, which becomes:
    semanage fcontext -a -t httpd_sys_content_t "/vhosts(/.*)?"
    # apply the new rule to the files that already exist
    restorecon -Rv /vhosts
  • Create a file called abc.conf in the /etc/httpd/conf.d folder with the following content:
    <Directory /vhosts/abc_com>
    AllowOverride None
    Require all granted
    </Directory>
    <VirtualHost *:80>
    DocumentRoot /vhosts/abc_com
    ServerName www.abc.com
    </VirtualHost>
  • Note: I haven’t included ErrorLog, CustomLog and ServerAdmin. In the exam you can find a sample file in the following location: /usr/share/doc/httpd-2.4.6/; use the httpd-vhosts.conf sample file for the vhost.

Solution 2:

  • install php
    yum -y install php
  • restart httpd
    systemctl restart httpd
  • add an xyz_com.conf file in /etc/httpd/conf.d/ with the following content:
    # httpd only binds the ports named in a Listen directive
    Listen 8082
    # /vhost/xyz_com is outside the /vhosts fcontext rule from Solution 1 and needs the same httpd_sys_content_t label
    <Directory /vhost/xyz_com>
    AllowOverride None
    Require all granted
    </Directory>
    <VirtualHost *:8082>
    DocumentRoot /vhost/xyz_com
    ServerName www.xyz.com
    </VirtualHost>
  • you need to add port 8082 to the SELinux port context: check the port context of port 80 and use the same label for 8082
    semanage port -l | grep -w 80
  • Add the SELinux port label to port 8082 (http_port_t, retrieved from the above command)
    semanage port -a -p tcp -t http_port_t 8082
  • Allow port 8082 in the firewall
    firewall-cmd --permanent --add-port=8082/tcp
    firewall-cmd --reload

Solution 3:

  • install mod_wsgi module
    yum -y install mod_wsgi
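  • Add a Python WSGI script called app.py to the /vhosts/pyapp folder with the following content.
    app.py file:

    # WSGI entry point; mod_wsgi looks for a callable named "application"
    def application(environ, start_response):
        status = '200 OK'
        # str is accepted as the body under Python 2; under Python 3 WSGI requires bytes (b'Hello World!')
        output = 'Hello World!'
        response_headers = [('Content-type', 'text/plain'),
                            ('Content-Length', str(len(output)))]
        start_response(status, response_headers)
        return [output]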


  • Set the SELinux port context
    semanage port -a -p tcp -t http_port_t 8099
  • Add an httpd configuration file in /etc/httpd/conf.d (say pyapp.conf)

    Listen 8099
    <VirtualHost *:8099>
    WSGIScriptAlias / /vhosts/pyapp/app.py
    ServerName www.pyapp.com
    DocumentRoot /vhosts/pyapp
    ErrorLog logs/errorPyapp.log
    CustomLog logs/access_pyapp.log common
    <Directory /vhosts/pyapp>
    SetHandler wsgi-script
    Require all granted
    </Directory>
    </VirtualHost>


  • Enable the port in the firewall
    firewall-cmd --permanent --add-port=8099/tcp
    firewall-cmd --reload
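
Solutions 2 and 3 both depend on every non-standard Listen port carrying the http_port_t label. The following is an added example, not part of the original post: it compares Listen directives against `semanage port -l` output and reports the ports still missing that label. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Stand-in for `semanage port -l` after 8082 was labelled but 8099 was not.
SAMPLE_LABELS='http_port_t                    tcp      8082, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'

# Stand-in for the Listen lines found under /etc/httpd/conf and conf.d.
SAMPLE_LISTEN='Listen 80
Listen 8082
Listen 8099
Listen 443 https'

# labelled_ports SEMANAGE_OUTPUT -> TCP ports/ranges typed http_port_t
labelled_ports() {
    printf '%s\n' "$1" | awk '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i }
    }'
}

# listen_ports CONF_TEXT -> port of each Listen directive
# (handles "Listen 8082", "Listen 192.0.2.10:8082" and "Listen [::]:8082")
listen_ports() {
    printf '%s\n' "$1" | awk 'tolower($1) == "listen" {
        n = split($2, part, ":"); print part[n]
    }'
}

# unlabelled_ports CONF_TEXT SEMANAGE_OUTPUT -> Listen ports that lack the
# http_port_t label used throughout this page
unlabelled_ports() {
    allowed=$(labelled_ports "$2")
    for port in $(listen_ports "$1"); do
        ok=0
        for entry in $allowed; do
            lo=${entry%-*}; hi=${entry#*-}   # "80" or a range "8000-8010"
            if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then ok=1; fi
        done
        [ "$ok" -eq 1 ] || printf '%s\n' "$port"
    done
}

unlabelled_ports "$SAMPLE_LISTEN" "$SAMPLE_LABELS"   # prints 8099
```

On a live system, pass `"$(grep -rhi '^[[:space:]]*listen' /etc/httpd/conf /etc/httpd/conf.d)"` and `"$(semanage port -l)"` as the two arguments.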

Solution 4:

  • Install mod_ssl:
    yum -y install mod_ssl
  • Install genkey, which is included in the crypto-utils package
    yum -y install crypto-utils
  • Generate a self-signed certificate
    genkey www.shiba.com.np
    # Follow the steps. At the step for creating a CSR, don’t create one, otherwise the certificate file will not be
    # created. A CSR file is used to request an authentic certificate file from vendors such as the DigiCert and Comodo certificate authorities.
  • Allow HTTPS through the firewall
    firewall-cmd --permanent --add-service=https
    firewall-cmd --reload

 

  • vi /etc/httpd/conf.d/shiba_com_ssl.conf
    <VirtualHost *:80>
    # ServerName is needed so that name-based matching selects this vhost for www.shiba.com.np
    ServerName www.shiba.com.np
    Redirect 301 / https://www.shiba.com.np/
    </VirtualHost>
    <VirtualHost *:443>
    ServerName www.shiba.com.np
    # You can host the same web pages (the same folder can be used for both http and https)
    DocumentRoot /vhosts/abc_com
    # enable TLS for this virtual host
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/www.shiba.com.np.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.shiba.com.np.key
    #SSLCertificateChainFile <path of your CA file>
    ErrorLog logs/ssl.log
    CustomLog logs/ssl.log common
    # The Order directive lets you control access.
    # In the following case, "Order allow,deny", all traffic to the
    # www.shiba.com.np/intranet folder is blocked unless explicitly allowed. Similarly, if we use "Order deny,allow", the
    # directory will be open to all except those explicitly denied.
    <Directory /vhosts/abc_com/intranet>
    Order allow,deny
    # allowing access from all hosts in the shiba.com.np domain
    Allow from .shiba.com.np
    </Directory>
    </VirtualHost>


    Note: We can also use a rewrite rule to redirect the web site.
    <VirtualHost *:80>
    ServerName www.shiba.com.np
    RewriteEngine On
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
    </VirtualHost>
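
A <Directory> block written inside a <VirtualHost> applies only to requests handled by that virtual host, so a directory shared by two virtual hosts needs the restriction in each of them or at server level. The following added example (not part of the original post; the function name and the condensed sample are constructed) lists the virtual hosts that serve a directory without such a block in scope.

```shell
#!/bin/sh
# Added example (not from the original post). The sample is constructed from
# the abc.conf and shiba_com_ssl.conf contents shown in Solutions 1 and 4.
SAMPLE_VHOSTS='<Directory /vhosts/abc_com>
Require all granted
</Directory>
<VirtualHost *:80>
DocumentRoot /vhosts/abc_com
ServerName www.abc.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.shiba.com.np
DocumentRoot /vhosts/abc_com
<Directory /vhosts/abc_com/intranet>
Order allow,deny
Allow from .shiba.com.np
</Directory>
</VirtualHost>'

# exposed_vhosts CONF_TEXT DIR
# Prints the ServerName of every VirtualHost whose DocumentRoot contains DIR
# but which has no <Directory DIR> block in scope (inside that VirtualHost or
# at server level). Only an exact <Directory DIR> match counts as coverage.
exposed_vhosts() {
    printf '%s\n' "$1" | awk -v dir="$2" '
        { key = tolower($1) }
        key == "<virtualhost" { invh = 1; name = "(unnamed)"; root = ""; covered = 0 }
        key == "servername"   && invh { name = $2 }
        key == "documentroot" && invh { root = $2; gsub(/"/, "", root) }
        key == "<directory" {
            path = $2; gsub(/[">]/, "", path)
            if (path == dir) { if (invh) covered = 1; else serverwide = 1 }
        }
        key == "</virtualhost>" {
            if (root != "" && index(dir "/", root "/") == 1 && !covered) { hits[++n] = name }
            invh = 0
        }
        END { if (!serverwide) for (i = 1; i <= n; i++) print hits[i] }'
}

exposed_vhosts "$SAMPLE_VHOSTS" /vhosts/abc_com/intranet   # prints www.abc.com
```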
