Web Services Flashcards
LPIC-2 Web services, including Apache, Nginx and Squid
What do HTTP and HTTPS stand for?
HyperText Transfer Protocol and Secure HTTP
What does HTML stand for?
HyperText Markup Language
HTTP status codes have the format 1xx, 2xx, 3xx, 4xx, 5xx - what types of messages do these numbers represent?
1xx - Informational messages
2xx - Success
3xx - Redirection
4xx - Client Error
5xx - Server Error
What does SSL stand for?
Secure Sockets Layer
What does TLS stand for and what is it?
TLS is Transport Layer Security. It is the security layer applied to web traffic and the successor to SSL.
Which port numbers do these services usually run on:
Web server (HTTP)
Secure Web server (HTTPS)
Squid Proxy Server
HTTP - 80
HTTPS - 443
Squid - 138
There are a number of web service options available, which 3 web services does LPIC-2 focus on? Which is the most popular in Linux today?
Apache - Web Server (most popular)
Nginx - Web Server
Squid - Web Proxy Server
Name some of the core features of the Apache web server
Loadable dynamic modules (that can be activated/deactivated on the fly)
Scalable Multi-Session Support
Limiting concurrent connections
Bandwidth Throttling
Web Caching (web proxy)
Load Balancing (reverse Proxy)
Common Gateway Interface (CGI) support
Virtual Hosting
User-Based Web Page Hosting
In Web Hosting, what does CGI stand for? What does it do?
Common Gateway Interface. It allows programs to be run that can generate dynamic web content.
What are the two main functions of the squid proxy server?
Web filtering and web caching
What is nginx?
Nginx is a web server that is gaining popularity. It can act as either a web server or as a reverse proxy server that performs load balancing
Where are Apache web documents generally stored?
/var/www/html/
Which Apache utility allows you to control (stop, start, restart, status) the Apache service?
apachectl
Unfortunately, the configuration file locations for Apache are not standard across distros. Which 2 places would you check on Debian based distros, and which 2 places on Redhat based distros?
Debian:
/etc/apache2.conf
/etc/apache2/apache2.conf
Redhat:
/etc/httpd/httpd.conf
/etc/httpd/httpd2.conf
Name the Apache directive that allows you to specify a port number to listen on and an optional IP address.
Listen
Name the Apache directive that specifies the user account which should be used to start the service
User
Name the Apache directive that allows you to specify a group for the Apache daemon service
Group
Name the Apache directive that allows you to specify an email address for the Apache server administrator
ServerAdmin
Name the Apache directive that allows you to specify a name for the Web server
ServerName
Name the Apache directive that allows you to specify the base directory for the configuration files
ServerRoot
Name the Apache directive that allows you to specify the base directory for the data files
DocumentRoot
Name the Apache directive that allows you to specify a default file served when a client requests an index of a directory
DirectoryIndex
Name the Apache directive that allows you to specify a file to serve when an error occurs
ErrorDocument
Name the Apache directive that allows you to specify the log file location
ErrorLog
Name the Apache directive that allows you to specify a file that lists restrictions on files in a folder
AccessFileName
Name the Apache directive that allows you to specify another file to include in the configuration
Include
Name the Apache directive that allows you to specify the number of servers to start to handle concurrent requests
StartServers
Name the Apache directive that allows you to specify the maximum number of servers to handle concurrent requests
MaxClients
Name the Apache directive that allows you to specify the minimum number of spare servers to have running
MinSpareServers
Name the Apache directive that allows you to specify the maximum number of spare servers to have running
MaxSpareServers
Name the Apache directive that allows you to load and enable special feature modules on the server
LoadModule
What does an Apache conditional BLOCK directive look like?
directives
What does an Apache conditional MODULE directive look like?
directives
What does an Apache conditional DIRECTORY directive look like?
directives
What are the two types of Apache logs?
Access logs and Error Logs
The location of the Apache Error logs can be different on Debian based distros to that on Redhat based distros. What are the likely locations and file names on each?
Debian:
/var/log/apache2/error.log
Redhat:
/var/log/httpd/error_log
The location of the Apache Access logs can be different on Debian based distros to that on Redhat based distros. What are the likely locations and file names on each?
Debian:
/var/log/apache2/access.log
Redhat:
/var/log/httpd/access_log
Name the Apache directive that allows users to host their own files on a system
UserDir
e.g.
UserDir public_html
http://localhost/~username/test.html
What is name-based virtual web hosting?
Where multiple hostnames point to a single IP address
What does an Apache name based virtual hosting definition look like?
NameVirtualHost 192.168.10.1
ServerName www.example1.com
DocumentRoot /var/www/html/example1
ServerName www.example2.com
DocumentRoot /var/www/html/example2
What does an Apache IP based virtual hosting definition look like?
Listen 192.168.10.1
Listen 192.168.10.2
ServerName www.example1.com
DocumentRoot /var/www/html/example1
ServerName www.example2.com
DocumentRoot /var/www/html/example2
There are a number of Apache access restriction modules. Which is the most common?
mod_auth
also known as mod_authn_file
Name the Apache directive that allows you to specify a name for a mod_auth access restricted location
AuthName
Name the Apache directive that allows you to specify an authentication type for a mod_auth access restricted location
AuthType
Name the Apache directive that allows you to specify a file name for a mod_auth access restricted location
AuthUserFile
file can be created with the htpasswd utility
What does a mod_auth restricted access configuration directive look like?
AuthName "Secure pages, restricted access"
AuthType Basic
AuthUserFile /etc/apache/passwords
Require valid-user
DocumentRoot /var/www/html/secure
Which utility allows you to create a password file for a restricted access setup? How would you use it?
htpasswd
# to create a new file
htpasswd -c /etc/apache/password jdoe
What are the three methods of restricting access to content on an Apache server?
Using an authentication module, using .htaccess files or IP address based restrictions
Name the Apache directive that allows users to specify configuration directives in a .htaccess file
AllowOverride
What does an IP based restriction configuration directive look like?
Order Deny,Allow
Deny from all
Allow from 192.168.10.0/255.255.255.0
DocumentRoot /var/www/html/secure
Which two Apache directives do you need for any CGI configuration?
ScriptAlias
e.g. ScriptAlias /cgi-bin/ /var/www/cgi-bin/
AddHandler
e.g. AddHandler cgi-script .cgi .pl
What are mod_perl, mod_php, mod_python, mod_ruby?
Commonly used installable Apache modules that can be used with CGI to create dynamic web content.
What are the 6 steps to setting up https on Apache?
1 Install Apache SSL module
2 Create server public/private key pair
3 Create a CSR
4 Have the CSR Signed
5 Copy Certificate and Keys into your Apache Setup
6 Configure Apache to use the certificate
Using openssl, how would you create a public/private certificate key pair for your server?
openssl genrsa -des3 -out server.key 2048
Using openssl, how would you create a certificate signing request for your server key “server.key”?
openssl req -new -key server.key -out newreq.pem
There is a perl script that is part of the openssl-perl package that allows you to set up a certificate authority and self sign your CSRs. What is the name and location of the perl script?
/var/lib/ssl/misc/CA.pl
CA.pl -newca
CA.pl -signreq
What is SNI?
Server Name Indication - this is an extension of the TLS protocol in which the hostname is indicated during the handshake. This allows multiple signed hosts to run on a single web server.
Name the Apache directive that turns on SSL capability
SSLEngine
e.g. SSLEngine on
Name the Apache directive that defines an SSL certificate to use
SSLCertificateFile
e.g. SSLCertificateFile /etc/apache/certs/server.pem
Name the Apache directive that defines an SSL certificate key
SSLCertificateKeyFile
e.g. SSLCertificateKeyFile /etc/apache/certs/server.key
Name the Apache directive that defines the certificate authority's key file
SSLCACertificateFile
Name the Apache directive that defines the certificate authority's key file path
SSLCACertificatePath
Name the Apache directive that defines a file that contains multiple concatenated certificate files for validating client files
SSLCertificateChainFile
Name the Apache directive that allows the specification of versions of the TLS and SSL protocols
SSLProtocol
Name the Apache directive that defines the supported SSL/TLS ciphers
SSLCipherSuite
Where is the squid config file in
Redhat based distros?
Debian based distros?
Redhat
/etc/squid/squid.conf
Debian
/etc/squid3/squid.conf
Only two directives are required for a basic Squid web caching setup, what are they?
http_port
cache_dir
Example:
http_port 3128
cache_dir ufs /var/spool/squid3 100 16 256
100MB
16 top level cache folders
256 2nd level cache folders
More folders should equal better caching performance
Name the Squid directive that defines an access control list
acl
Name the Squid directive that specifies a program to authenticate users
auth_param
Name the Squid directive that specifies a folder to cache web requests
cache_dir
Name the Squid directive that specifies a rule for allowing or denying access for an ACL group
http_access
Name the Squid directive that specifies the port on which the Squid service will listen
http_port
Name the Squid directive that specifies an external program where all web requests can be redirected to
redirect_program
What does a squid acl directive look like?
acl ourhosts src 192.168.30.0/255.255.255.0
What is the squid acl src directive?
allows you to specify source IP addresses
What is the squid acl dst directive?
allows you to specify destination IP addresses
What is the squid acl port directive?
allows you to specify a list of TCP ports
What is the squid acl srcdomain directive?
allows you to specify a list of source domain names
What is the squid acl dstdomain directive?
allows you to specify a list of destination domain names
What is the squid acl time directive?
allows you to specify a list of days or time of day
What is the squid acl proto directive?
allows you to specify a list of protocols
What is the squid acl browser directive?
allows you to specify a list of browsers
What is this squid configuration doing?
acl socialmedia dstdomain www.facebook.com www.twitter.com
acl lunch time MTWHF 12:00-13:00
http_access allow socialmedia lunch
http_access deny socialmedia
The first acl defines a list of destination domains
The second acl defines an hour, Monday - Friday, called lunch
The first http_access directive allows access to the domains during lunch
The second http_access directive denies access to the domains (at any other time)
Client authentication in squid uses which configuration directive?
auth_param
The same parameter is used in the config file to define multiple settings, for example to use pam
auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5 startup=5 idle=1
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ourhosts proxy_auth REQUIRED
What are the benefits of Nginx over Apache?
Nginx doesn’t spawn a new program thread for each client request like Apache. It spawns client threads within the main application program. This has the benefit of using less memory and can therefore be useful in large scale websites.
The second benefit is the ability to use Nginx as a reverse proxy which can serve as a load balancer for backend applications
Where is the nginx config file usually found and what is it called?
/etc/nginx/
nginx.conf
Name the nginx config directive that specifies the port nginx should listen on
listen
e.g.
listen 80 default_server;
Name the nginx config directive that specifies the location of the web content. What is the equivalent directive in Apache?
root
e.g.
root /var/www/html;
equivalent directive in Apache is DocumentRoot
Name the nginx config directive that defines the default file to load. What is the equivalent directive in Apache?
index
e.g.
index index.htm index.html;
equivalent directive in Apache is DirectoryIndex
Name the nginx config directive that specifies the web server name. What is the equivalent directive in Apache?
server_name
e.g.
server_name localhost;
equivalent directive in Apache is ServerName
Name the nginx config directive that specifies the settings for specific locations on the server
location
e.g.
location / {
try_files $uri $uri/ =404;
}
Which nginx directives are used to create a reverse proxy? What does a simple example look like?
The location directive with proxy_pass
location / {
proxy_pass http://www.someotherplace.com;
}
or using IP and port
location / {
proxy_pass http://192.168.30.30:5100;
}