Chap 19 web
0 likes610 views
This document discusses configuring and managing the Apache web server. It describes how to start, stop, and restart the Apache daemon. It explains the Apache configuration file format and common directives. It also covers access control, user home directories, virtual hosts, enabling HTTPS, and creating self-signed certificates.
![Apache Configuration FileApache Configuration File
●
apache[2].confapache[2].conf
– Location may vary from distributionsLocation may vary from distributions
– More configuration files may be included by usingMore configuration files may be included by using
IIncludenclude statementstatement
– HTML like syntax with <TAG> </TAG> directivesHTML like syntax with <TAG> </TAG> directives](https://image.slidesharecdn.com/chap19web-150606075214-lva1-app6892/85/Chap-19-web-5-320.jpg)
Chap 19 web
- 1. Chapter 19Chapter 19 Web ServerWeb Server
- 3. Apache Web ServerApache Web Server ● Service name (Redhat/CentOS):Service name (Redhat/CentOS): – apacheapache ● Daemon name (Redhat/CentOS):Daemon name (Redhat/CentOS): – httpdhttpd ● Daemon name (Ubuntu):Daemon name (Ubuntu): – apache2apache2
- 4. Controlling ApacheControlling Apache ● service <daemon_name> <command>service <daemon_name> <command> – Commands:Commands: ● start start : start daemon: start daemon ● stop stop : stop daemon: stop daemon ● restart restart : restart daemon: restart daemon ● status status : status report: status report ● configtest configtest : test configuration: test configuration
- 5. Apache Configuration FileApache Configuration File ● apache[2].confapache[2].conf – Location may vary from distributionsLocation may vary from distributions – More configuration files may be included by usingMore configuration files may be included by using IIncludenclude statementstatement – HTML like syntax with <TAG> </TAG> directivesHTML like syntax with <TAG> </TAG> directives
- 6. Common DirectivesCommon Directives ● User / GroupUser / Group – UID/GID of processes to access file systemUID/GID of processes to access file system ● ListenListen – Listening portListening port ● ServerNameServerName – FQDN to responseFQDN to response ● DocumentRootDocumentRoot – Top directory to access for resourcesTop directory to access for resources ● ServerAdminServerAdmin – Administrator's emailAdministrator's email
- 7. User Home DirectoryUser Home Directory ● URL:URL: http://web.server/~userhttp://web.server/~user <IfModule mod_userdir.c><IfModule mod_userdir.c> #UserDir disable#UserDir disable UserDir public_htmlUserDir public_html </IfModule></IfModule> ● Place document underPlace document under ~user/public_html~user/public_html ● Must be accessible by apache daemonMust be accessible by apache daemon
- 9. Access ControlAccess Control ● Order <X> <Y>Order <X> <Y> – Only in X then XOnly in X then X – Only in Y then YOnly in Y then Y – Both in X & Y then YBoth in X & Y then Y ● Allow|Deny <CLIENT>Allow|Deny <CLIENT> – all all : all hosts: all hosts – IP.IP.IP.IP IP.IP.IP.IP : specific IP: specific IP – IP.IP. IP.IP. : partial IP: partial IP – NET/MASK NET/MASK : a network: a network
- 10. Access AuthenticationAccess Authentication ● vi /var/www/html/secret/.htaccessvi /var/www/html/secret/.htaccess AuthName "secret"AuthName "secret" AuthType BasicAuthType Basic AuthUserFile "/var/www/.htpasswd.secret"AuthUserFile "/var/www/.htpasswd.secret" require validuserrequire validuser ● htpasswd htpasswd cc /var/www/html/secret/.htaccess user /var/www/html/secret/.htaccess user ● chmod 640 /var/www/html/secret/.htaccesschmod 640 /var/www/html/secret/.htaccess ● chgrp apache /var/www/html/secret/.htaccesschgrp apache /var/www/html/secret/.htaccess * Note: the* Note: the cc options ofoptions of htpasswdhtpasswd is supplied at firstis supplied at first time running the program only.time running the program only.
- 13. Enabling HTTPSEnabling HTTPS ● Listening on 443/TCPListening on 443/TCP ● UseUse https://https:// instead ofinstead of http://http:// in URLin URL ● All HTTP traffics are encryptedAll HTTP traffics are encrypted ● Need a CA signed certificate while using in theNeed a CA signed certificate while using in the public networkpublic network ● Self-signed certificate can be used in privateSelf-signed certificate can be used in private networks or for test purposenetworks or for test purpose
- 14. Enabling HTTPSEnabling HTTPS ● Create a self-singed certificate:Create a self-singed certificate: – openssl gen rsa des3 out tmp.key 1024openssl gen rsa des3 out tmp.key 1024 – openssl rsa in tmp.key out server.keyopenssl rsa in tmp.key out server.key – chmod 600 server.keychmod 600 server.key – openssl req new key server.key out openssl req new key server.key out server.csrserver.csr – openssl x509 req days 365 in server.csr openssl x509 req days 365 in server.csr signkey server.key out server.crtsignkey server.key out server.crt – mv server.crt /etc/pki/tls/certs/mv server.crt /etc/pki/tls/certs/ – mv server.key /etc/pki/tls/private/mv server.key /etc/pki/tls/private/ * Note: the* Note: the certs/certs/ andand private/private/ directoriesdirectories may vary from systemsmay vary from systems
- 15. Enabling HTTPSEnabling HTTPS ● Configure apache:Configure apache: – SSLCertificateFile /etc/pki/tls/certs/server.crtSSLCertificateFile /etc/pki/tls/certs/server.crt – SSLCertificateKeyFileSSLCertificateKeyFile /etc/pki/tls/private/server.key/etc/pki/tls/private/server.key * Note: the path of SSL configuration file may vary* Note: the path of SSL configuration file may vary from systems.from systems. ● Restart apache daemonRestart apache daemon