Sample Question:
What you have to do:
1. Configure a virtual host called www.abc.com:
- root directory is: /vhosts/abc_com.
- You need to create an index.html file which will show the “welcome to www.abc.com” message.
- You are required to configure the /vhosts directory such that users of webdeveloper directory should be able to modify files in it. (Use setfacl; it's easy, so it is not covered in this solution.)
2. You are required to launch a PHP web application called www.xyz.com and host an index.php file in it.
- root directory: /vhost/xyz.com
- index.php contains:
<?php
echo "Welcome to www.xyz.com";
?>
- you should use port 8082 to host this web site.
3. You are required to launch a Python-based web site called www.pyapp.com.
- root directory: /vhost/pyapp
- app.py file contains:
def application(environ, start_response):
    status = '200 OK'
    output = 'Hello World!,welcome to Python'
    response_headers = [('Content-type', 'text/plain'),
                        ('Content-Length', str(len(output)))]
    start_response(status, response_headers)
    return [output]
- port: 8099
4. You are required to launch www.shiba.com.np with TLS support. You may use /vhosts/abc_com as the root directory for this website. You are also required to create an intranet directory under www.abc.com which should be accessible only from your local domain (your network). Also redirect unsecured access to the website to the secure site.
Solutions
Solution question no. 1:
- Make the directory and the index page
mkdir -p /vhosts/abc_com
echo "Welcome to www.abc.com" > /vhosts/abc_com/index.html
- Set the file ACL on the /vhosts/abc_com directory
setfacl -m g:webmaster:rwx /vhosts/abc_com
setfacl -m d:g:webmaster:rwx /vhosts/abc_com
- Install httpd (if not already installed):
yum -y install httpd
- Enable the httpd service at boot
systemctl enable httpd
- Start the httpd service
systemctl start httpd
- Allow the http service through the firewall
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
- Change the SELinux context of the /vhosts directory, otherwise you will not be able to launch the web site from this directory. I am using the semanage-fcontext man page to do this.
Note: if you forget which man page to look at, run man semanage and go to the SEE ALSO section, where you will find that semanage-fcontext is the man page for fcontext:
man semanage-fcontext|grep semanage|grep web
In the output, change /web to /vhosts, which becomes:
semanage fcontext -a -t httpd_sys_content_t "/vhosts(/.*)?"
Then apply the new context to the files that already exist (the man page example pairs the semanage command with restorecon):
restorecon -R -v /vhosts
- Create a file called abc.conf in the /etc/httpd/conf.d folder, which contains the following:
<Directory /vhosts/abc_com>
    AllowOverride None
    Require all granted
</Directory>
<VirtualHost *:80>
    DocumentRoot /vhosts/abc_com
    ServerName www.abc.com
</VirtualHost>
- Note: I haven’t included ErrorLog, CustomLog and ServerAdmin. In the exam you can find a sample file in the following location: /usr/share/doc/httpd-2.4.6/. Use the httpd-vhosts.conf sample file for the vhost.
Solution 2:
- Install php
yum -y install php
- Restart httpd
systemctl restart httpd
- Add an xyz_com.conf file in /etc/httpd/conf.d/ with the following content:
# httpd only accepts connections on ports named in a Listen directive
Listen 8082
<Directory /vhost/xyz_com>
    AllowOverride None
    Require all granted
</Directory>
<VirtualHost *:8082>
    DocumentRoot /vhost/xyz_com
    ServerName www.xyz.com
</VirtualHost>
- You need to add port 8082 to the SELinux port context. Check the port context of port 80 and use the same label for 8082:
semanage port -l |grep -w 80
- Add the SELinux port label to port 8082 (http_port_t, retrieved from the command above)
semanage port -a -p tcp -t http_port_t 8082
- Allow port 8082 in the firewall
firewall-cmd --permanent --add-port=8082/tcp
firewall-cmd --reload
Solution 3:
- Install the mod_wsgi module
yum -y install mod_wsgi
- Add a Python WSGI script called app.py to the /vhosts/pyapp folder with the following content.
app.py file:
def application(environ, start_response):
    status = '200 OK'
    # A Python 2 str is a byte string; under a Python 3 mod_wsgi this must be b'Hello World!'
    output = 'Hello World!'
    response_headers = [('Content-type', 'text/plain'),
                        ('Content-Length', str(len(output)))]
    start_response(status, response_headers)
    return [output]
- Set the SELinux port context
semanage port -a -t http_port_t -p tcp 8099
- Add an httpd configuration file in /etc/httpd/conf.d (say pyapp.conf)
Listen 8099
<VirtualHost *:8099>
    WSGIScriptAlias / /vhosts/pyapp/app.py
    ServerName www.pyapp.com
    DocumentRoot /vhosts/pyapp
    ErrorLog logs/errorPyapp.log
    CustomLog logs/access_pyapp.log common
    <Directory /vhosts/pyapp>
        SetHandler wsgi-script
        Require all granted
    </Directory>
</VirtualHost>
- Enable the port in the firewall
firewall-cmd --permanent --add-port=8099/tcp
firewall-cmd --reload
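Solutions 2 and 3 each need three things for a non-default port: a Listen directive, an SELinux http_port_t label and a firewall rule. The following added example (not part of the original post) reports which of those steps is still missing for each virtual host port; the configuration text and command output embedded in it are constructed samples, and the function names are this example's own.

```python
import re

# Constructed inputs: a half-finished setup of the two port-based vhosts,
# plus assumed output of the commands named in the trailing comments.
CONF = """\
Listen 80
<VirtualHost *:8082>
    ServerName www.xyz.com
</VirtualHost>
Listen 8099
<VirtualHost *:8099>
    ServerName www.pyapp.com
</VirtualHost>
"""
SEMANAGE = "http_port_t  tcp  8099, 80, 81, 443, 488, 8008, 8009, 8443, 9000"  # semanage port -l | grep -w 80
FW_PORTS = "8082/tcp"      # firewall-cmd --list-ports
FW_SERVICES = "ssh http"   # firewall-cmd --list-services


def expand(item):
    """Turn '8082' or '8000-8010' into the set of ports it covers."""
    lo, _, hi = item.strip().partition("-")
    return set(range(int(lo), int(hi or lo) + 1))


def missing_steps(conf, semanage, fw_ports, fw_services):
    """Map each <VirtualHost> port to the setup commands it still needs."""
    listen = {int(p) for p in re.findall(r"^\s*Listen\s+(?:\S*:)?(\d+)", conf, re.M | re.I)}
    vhosts = {int(p) for p in re.findall(r"<VirtualHost\s+[^>]*:(\d+)\s*>", conf, re.I)}
    labelled = set().union(*(expand(i) for i in semanage.split("tcp", 1)[1].split(",")))
    opened = set().union(*(expand(t[:-4]) for t in fw_ports.split() if t.endswith("/tcp")))
    opened |= {port for svc, port in (("http", 80), ("https", 443)) if svc in fw_services.split()}
    todo = {}
    for port in sorted(vhosts):
        steps = []
        if port not in listen:
            steps.append("Listen %d" % port)
        if port not in labelled:
            steps.append("semanage port -a -t http_port_t -p tcp %d" % port)
        if port not in opened:
            steps.append("firewall-cmd --permanent --add-port=%d/tcp" % port)
        if steps:
            todo[port] = steps
    return todo


if __name__ == "__main__":
    for port, steps in missing_steps(CONF, SEMANAGE, FW_PORTS, FW_SERVICES).items():
        print(port, "->", "; ".join(steps))
```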
Solution 4:
- Install mod_ssl:
yum -y install mod_ssl
- Install genkey, which is included in the crypto-utils package
yum -y install crypto-utils
- Generate a self-signed certificate
genkey www.shiba.com.np
# Follow the steps. At the step for creating a CSR, don't create one, otherwise the certificate file will not
# be created. A CSR file is used to request an authentic certificate from vendors like the DigiCert
# and Comodo certificate authorities.
- Allow https through the firewall
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
- vi /etc/httpd/conf.d/shiba_com_ssl.conf
<VirtualHost *:80>
    # ServerName lets httpd pick this vhost instead of another *:80 vhost such as www.abc.com
    ServerName www.shiba.com.np
    Redirect 301 / https://www.shiba.com.np/
</VirtualHost>
<VirtualHost *:443>
    ServerName www.shiba.com.np
    # Without SSLEngine on, this vhost would answer in plain HTTP on port 443
    SSLEngine on
    # You can host the same web pages (the same folder can be used for both http and https)
    DocumentRoot /vhosts/abc_com
    SSLCertificateFile /etc/pki/tls/certs/www.shiba.com.np.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.shiba.com.np.key
    #SSLCertificateChainFile <path of your CA file>
    ErrorLog logs/ssl.log
    CustomLog logs/ssl.log common
    # The Order directive controls how Allow and Deny are combined.
    # In the following case, "Order allow,deny", all traffic to the
    # www.shiba.com.np/intranet folder is blocked unless explicitly allowed. Similarly, if we use
    # "Order deny,allow", the directory is open to all except those explicitly denied.
    # This <Directory> block sits inside the *:443 virtual host, so it restricts the folder
    # only for requests served by this virtual host.
    <Directory /vhosts/abc_com/intranet>
        Order allow,deny
        # allow access from all hosts in the shiba.com.np domain
        Allow from .shiba.com.np
    </Directory>
</VirtualHost>
Note: We can also use a rewrite rule to redirect the web site.
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
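The comments in the intranet <Directory> block describe how "Order allow,deny" and "Order deny,allow" differ. The following added example (not part of the original post) models that evaluation for the page's "Allow from .shiba.com.np" rule; the client host names are constructed and the function names are this example's own.

```python
# Added example: a model of how mod_access_compat combines Order, Allow and
# Deny. Client names are constructed; Apache obtains the real one by a
# reverse DNS lookup of the client IP.

def host_matches(spec, client):
    """True if client equals spec or ends in it on a whole-label boundary."""
    spec, client = spec.lower(), client.lower()
    if spec == "all":
        return True
    if not client.endswith(spec):
        return False
    if len(client) == len(spec):
        return True
    return spec.startswith(".") or client[-len(spec) - 1] == "."


def access_allowed(order, allow, deny, client):
    """Decide one request from the Order value and the Allow/Deny host lists."""
    allowed = any(host_matches(s, client) for s in allow)
    denied = any(host_matches(s, client) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # An Allow must match and no Deny may match; no match means rejected.
        return allowed and not denied
    if order == "deny,allow":
        # A Deny match rejects unless an Allow also matches; no match means permitted.
        return allowed or not denied
    raise ValueError("unknown Order value: %r" % order)


if __name__ == "__main__":
    clients = ["pc1.shiba.com.np", "www.example.org", "evilshiba.com.np"]
    for order in ("Allow,Deny", "Deny,Allow"):
        for c in clients:
            verdict = access_allowed(order, [".shiba.com.np"], [], c)
            print("%-10s %-18s %s" % (order, c, "allowed" if verdict else "rejected"))
```

With only the Allow line present, switching the Order to deny,allow admits every client, which is why the intranet block uses allow,deny.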