Apache Web Server
Features:
1. WWW Web Server
2. Modular
Tasks:
1. Install Apache 2.2x
a. httpd*rpm
/etc/httpd - top-level configuration container on RH5
/etc/httpd/conf - primary configuration directory
/etc/httpd/conf/httpd.conf - primary Apache configuration file
/etc/httpd/conf.d - drop-in configuration directory, read by Apache upon startup
2. Explorer: /etc/httpd/conf/httpd.conf
a. HTTPD runs as: apache:apache
b. Apache maintains, always, a 'main' server, which is independent of Virtual Hosts. This server is a catch-all for traffic that doesn't match any of the defined virtual hosts.
c. <Directory> directive governs file system access.
Note: The primary Apache process runs as 'root', and has access to the full file system. However, <Directory> directive restricts the web-user's view of the file system.
d. Test access to '.ht*' files from web root
e. ErrorLog logs/error_log - default error log file for ALL hosts
f. logs/access_log - default log file for default server
Note: Every directory, outside of the 'DocumentRoot' should have at least one: <Directory> directive defined.
3. Start Apache and continue to explore
a. service httpd start
root 31324 1 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31326 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31327 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31328 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31329 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31330 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31331 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31332 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
apache 31333 31324 0 10:17 ? 00:00:00 /usr/sbin/httpd
Note: Parent Apache runs as 'root' and can see the entire file system
Note: However, children processes run as 'apache' and can only see files/directories that 'apache:apache' can see
4. Create an Alias for content outside of the web root (/var/www/html)
a. Alias /testalias1 /var/www/testalias1
<Directory /var/www/testalias1>
AllowOverride Non
order allow,deny
allow from all
</Directory>
5. Ensure that Apache will start when the system boots
a. chkconfig --level 35 httpd on && chkconfig --list httpd
Virtual Hosts Configuration:
Features:
1. Ability to share/serve content based on 1 or more IP addresses
2. Supports 2 modes of Virtual Hosts:
a. IP Based - one site per IP address
b. Host header names - multiple sites per IP address
Tasks:
1. Create IP Based Virtual Hosts
a. ifconfig eth0:1 192.168.75.210
b. Configure the Virtual Host:
<VirtualHost 192.168.75.210>
ServerAdmin webmaster@linuxcbtserv4.linuxcbt.internal
ServerName site1.linuxcbt.internal
DocumentRoot /var/www/site1
<Directory /var/www/site1>
Order allow,deny
Allow from all
</Directory>
CustomLog logs/site1.linuxcbt.internal.access.log combined
ErrorLog logs/site1.linuxcbt.internal.error.log
</VirtualHost>
c. Create: /var/www/site1 and content
d. Update: /etc/httpd/conf/httpd.conf with VHost information
2. Create Name-based Virtual Hosts using the primary IP address
a. /etc/httpd/conf/httpd.conf:
NameVirtualHost 192.168.75.199:80
<VirtualHost 192.168.75.199:80>
ServerAdmin webmaster@linuxcbtserv4.linuxcbt.internal
ServerName site3.linuxcbt.internal
DocumentRoot /var/www/site3
<Directory /var/www/site3>
Order allow,deny
Allow from all
</Directory>
CustomLog logs/site3.linuxcbt.internal.access.log combined
ErrorLog logs/site3.linuxcbt.internal.error.log
</VirtualHost>
###Apache with SSL Support###
Features:
1. Secure/Encrypted communications
Requirements:
1. httpd
2. openssl
3. mod_ssl
4. crypto-utils (genkey) - used to generate certificates/private keys/CSRs
a. also used to create a self-signed certificate
Tasks:
1. Install the requirements
a. mod_ssl - module for Apache, which provides SSL support
yum -y install mod_ssl
/etc/httpd/conf.d/ssl.conf - includes key SSL directives
b. crypto-utils - provies /usr/bin/genkey
2. Generate SSL usage keys using: genkey
a. genkey site1.linuxcbt.internal - creates text-gui interface
3. Update /etc/httpd/conf.d/ssl.conf to reference the new keys (public/private)
4. Restart the HTTPD server
a. service httpd restart
b. httpd -S
5. Test HTTPS connectivity
a. https://192.168.75.199
Note: For mutliple SSL sites, copy the: /etc/httpd/conf.d/ssl.conf file to distinct files, that match your distinct IP-based VHosts.
Thanking You
Hope U Like it....