HTTP/HTTPS Flashcards
Configure a Virtual Host
Configure a virtual host.
1. Install the “Web Server” package group: #yum groupinstall -y "Web server"
2. Edit the /etc/httpd/conf/httpd.conf file and uncomment the following directive: #NameVirtualHost *:80
At the end of the same file, uncomment the following stanza:
#<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
Don’t forget to replace dummy-host.example.com with the name of your web server.
3. Check the validity of the /etc/httpd/conf/httpd.conf file:
# httpd -t
# service httpd configtest
4. Check the virtual host(s) configuration:
# httpd -S
# httpd -D DUMP_VHOSTS
5. Add a new rule to the firewall: # iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
6. Save the firewall configuration: # service iptables save
7. Activate the httpd service at boot: #chkconfig httpd on
8. Start the httpd service: #service httpd start
9. Check the httpd service:
# yum install -y elinks
# elinks http://localhost
Configure group-managed content.
Configure group-managed content.
1. Install the “Web Server” package group: #yum groupinstall -y "Web Server"
2. Edit the /etc/hosts file and add the IP address and the fully qualified domain name of the server:
2.3.4 server.example.com
3. To allow only a group of users (here nikos and steve from the team group) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and type:
<Directory "/var/www/html/private">
AuthType Basic
AuthName "Password protected area"
AuthGroupFile /etc/httpd/conf/team
AuthUserFile /etc/httpd/conf/passwd
Require group team
</Directory>
4. Check the configuration file:
# service httpd configtest
Syntax OK
5. Create the private directory:
# mkdir -p /var/www/html/private
# restorecon /var/www/html/private
6. Create the /etc/httpd/conf/team file:
team: nikos steve
7. Create the /etc/httpd/conf/passwd file:
# htpasswd -c /etc/httpd/conf/passwd nikos
New password: nikos
Re-type new password: nikos
Adding password for user nikos
# htpasswd /etc/httpd/conf/passwd steve
New password: steve
Re-type new password: steve
Adding password for user steve
8. Add a new rule to the firewall: #iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
9. Save the firewall configuration: #service iptables save
10. Activate the httpd service at boot: #chkconfig httpd on
11. Start the httpd service: #service httpd start
12. Check the httpd service:
# yum install -y elinks
# elinks http://localhost/private/
Configure private directories
Configure private directories.
1. Install the “Web server” package group: #yum groupinstall -y "Web server"
2. There are several ways to restrict access to directories:
a) host-based private directories
To only allow test.example.com (add the name/IP address in the /etc/hosts file if necessary) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and type:
<Directory "/var/www/html/private">
AllowOverride None
Options None
Order allow,deny
Allow from test.example.com
</Directory>
Check the configuration file:
# service httpd configtest
Create the private directory:
# mkdir -p /var/www/html/private
# restorecon -R /var/www/html/private
b) user-based private directories
To only allow me to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and type:
<Directory "/var/www/html/private">
AuthType Basic
AuthName "Password protected area"
AuthUserFile /etc/httpd/conf/passwd
Require user me
</Directory>
Check the configuration file:
3. Create the private directory:
# mkdir -p /var/www/html/private
# restorecon -R /var/www/html/private
4. Create the passwd file and store me’s password: #htpasswd -c /etc/httpd/conf/passwd me
Note: the .htpasswd file can locally be used instead of the httpd.conf file in 1) and 2) for the same purpose.
5. Whatever the option chosen, add a new rule to the firewall: #iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
6. Save the firewall configuration: #service iptables save
7. Activate the httpd service at boot: #chkconfig httpd on
8. Start the httpd service: #service httpd start
9. Check the httpd service:
# yum install -y elinks
# elinks http://localhost/private
Deploy a basic CGI application
Deploy a basic CGI application.
1. Install the “Web server” package group: #yum groupinstall -y "Web server"
2. Create the /var/www/cgi-bin/hello.pl Perl script and insert the following lines:
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World!";
3. Make this script executable: #chmod 755 /var/www/cgi-bin/hello.pl
4. Add a new rule to the firewall: #iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
5. Save the firewall configuration: #service iptables save
6. Activate the httpd service at boot: #chkconfig httpd on
7. Start the httpd service: #service httpd start
8. Check the httpd service:
# yum install -y elinks
# elinks http://localhost/cgi-bin/hello.pl
Alternatively, if you want to use a directory other than the default /var/www/cgi-bin/ (/webapp for example), some additional steps are required.
9. Create the webapp directory: #mkdir /webapp
10. Copy the hello.pl file into it: #cp /var/www/cgi-bin/hello.pl /webapp
11. Set up the SELinux configuration for the /webapp directory:
# yum install -y setroubleshoot-server
# semanage fcontext -a -t httpd_sys_script_exec_t "/webapp(/.*)?"
# restorecon -R /webapp
12. Edit the /etc/httpd/conf/httpd.conf file and replace the 'ScriptAlias' option with the following content:
ScriptAlias /cgi-bin/ "/webapp/"
In the same file, where the configuration of your website (or virtual host) is located, add the following lines:
<Directory "/webapp">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
In the same stanza, you can optionally add the following lines (but it doesn’t seem mandatory):
Options ExecCGI
AddHandler cgi-script .pl
13. Check the configuration file: #service httpd configtest
14. Restart the httpd service: #service httpd restart
15. Check the execution of the Perl script:
# yum install -y elinks
# elinks http://localhost/cgi-bin/hello.pl