WEB-server
---
Install Apache httpd
[1]
Install httpd to configure a web server. HTTP uses 80/TCP.
[root@www ~]# yum -y install httpd
# remove welcome page
[root@www ~]# rm -f /etc/httpd/conf.d/welcome.conf
[2]
Configure httpd. Replace the server name with the one for your own environment.
[root@www ~]# vi /etc/httpd/conf/httpd.conf
# line 86: change to admin's email address
ServerAdmin root@srv.world
# line 95: change to your server's name
ServerName www.srv.world:80
# line 151: change (lets .htaccess files override the settings for this directory)
AllowOverride All
# line 164: add file names to serve when only a directory name is requested
DirectoryIndex index.html index.cgi index.php
# add the following to the end
# server's response header
ServerTokens Prod
# keepalive is ON
KeepAlive On
[root@www ~]# systemctl start httpd
[root@www ~]# systemctl enable httpd
[3]
If firewalld is running, allow the HTTP service.
[root@dlp ~]# firewall-cmd --add-service=http --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[4]
Create an HTML test page and access it from a client PC with a web browser. It's OK if the following page is shown.
[root@www ~]# vi /var/www/html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page
</div>
</body>
</html>
-------------
Create SSL Certificates (2014/07/10)
Create a self-signed SSL certificate. However, if you use your server for business, it is better to buy and use a formal certificate from Verisign or a similar authority.
[root@www ~]# cd /etc/pki/tls/certs
[root@www certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
...
...
e is 65537 (0x10001)
Enter pass phrase: # set passphrase
Verifying - Enter pass phrase: # confirm
# remove passphrase from private key
[root@www certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: # input passphrase
writing RSA key
[root@www certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:BD
State or Province Name (full name) []:Dhaka
Locality Name (eg, city) [Default City]:Dhaka
Organization Name (eg, company) [Default Company Ltd]:World Communication Network Ltd.
Organizational Unit Name (eg, section) []:worldcm.net
Common Name (eg, your name or your server's hostname) []:mail.worldcm.net
Email Address []: admin@worldcm.net
A challenge password []:world OR Enter
An optional company name []: worldcm OR Enter
Country Name (2 letter code) [XX]:JP # country
State or Province Name (full name) []:Hiroshima # state
Locality Name (eg, city) [Default City]:Hiroshima # city
Organization Name (eg, company) [Default Company Ltd]:GTS # company
Organizational Unit Name (eg, section) []:Server World # department
Common Name (eg, your name or your server's hostname) []:www.srv.world # server's FQDN
Email Address []:xxx@srv.world # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: # Enter
An optional company name []: # Enter
[root@www certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@srv.world
Getting Private key
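Before pointing httpd at these files, it is worth confirming that the certificate belongs to the key and that the key, which no longer has a passphrase, is readable by its owner only. The shell functions below are an added example, not part of the original page; the function names and the 30-day expiry threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: checks for the server.key / server.crt pair created above.
# Function names are illustrative; only standard openssl subcommands are used.

# True when the certificate's public key equals the one derived from the key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The passphrase was removed, so file permissions are the key's only protection:
# true when the key is a regular file and group/other have no permission bits.
key_mode_ok() {  # usage: key_mode_ok KEY
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid DAYS days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when subject and issuer are identical (self-signed, as on this page).
cert_is_self_signed() {  # usage: cert_is_self_signed CERT
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Print findings for a pair; the return status is the number of failed checks.
audit_tls_pair() {  # usage: audit_tls_pair CERT KEY
    findings=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; findings=$((findings + 1)); }
    key_mode_ok "$2" || { echo "FAIL: $2 is accessible to group/other"; findings=$((findings + 1)); }
    cert_valid_for_days "$1" 30 || { echo "FAIL: $1 expires within 30 days"; findings=$((findings + 1)); }
    if cert_is_self_signed "$1"; then echo "NOTE: $1 is self-signed; clients must trust it explicitly"; fi
    return "$findings"
}

# Example: sh check_tls_pair.sh /etc/pki/tls/certs/server.crt /etc/pki/tls/certs/server.key
if [ "$#" -eq 2 ]; then audit_tls_pair "$1" "$2"; fi
```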
-----------------
Configure SSL.
[root@www ~]# yum -y install mod_ssl
[root@www ~]# vi /etc/httpd/conf.d/ssl.conf
# line 59: uncomment
DocumentRoot "/var/www/html"
# line 60: uncomment and specify the server name
ServerName www.srv.world:443
# line 100: change to the one created in [1]
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 107: change to the one created in [1]
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
[root@www ~]# systemctl restart httpd
[root@dlp ~]# firewall-cmd --add-service=https --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[4]
Access the test page from a client computer with a web browser via HTTPS. The example below uses Firefox. The following screen is shown because the certificate is self-signed, but that is not a problem; proceed to the next step.
[5]
Click the "Add exception" button.
[6]
[7]
Click the "Approve security exception" button.
The page is now accessed via HTTPS.
Virtual Hostings (2014/07/23)
[1]
Configure Virtual Hostings to use multiple domain names.
The example below is set up in an environment where the domain name is [srv.world] and the virtual domain name is [virtual.host] (root directory [/home/cent/public_html]).
It's necessary to configure Userdir settings for this example, too.
Configure Virtual Hostings.
[root@www ~]# vi /etc/httpd/conf.d/vhost.conf
# create new
# for original domain
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.srv.world
</VirtualHost>
# for virtual domain
<VirtualHost *:80>
DocumentRoot /home/cent/public_html
ServerName www.virtual.host
ServerAdmin webmaster@virtual.host
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
[root@www ~]# systemctl restart httpd
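With name-based virtual hosts, a request whose Host header matches no ServerName is served by the first <VirtualHost> block for that address, which here is www.srv.world. The script below is an added example, not from the original page, that reproduces that selection for the vhost.conf above; it handles ServerName only (no ServerAlias, one address:port), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which DocumentRoot answers a given Host header?
# Simplified model of name-based selection: ServerName only, file order decides
# the fallback. Function names are hypothetical.

# Constructed sample: the vhost.conf shown on this page.
VHOST_CONF='<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.srv.world
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /home/cent/public_html
ServerName www.virtual.host
ServerAdmin webmaster@virtual.host
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>'

# list_vhosts: read a config on stdin, print "servername documentroot" per
# <VirtualHost> block in file order ("-" where a directive is missing).
list_vhosts() {
    awk '
        /^[ \t]*<VirtualHost/   { inside = 1; name = "-"; root = "-"; next }
        /^[ \t]*<\/VirtualHost/ { if (inside) print name, root; inside = 0; next }
        inside && tolower($1) == "servername"   { name = tolower($2); sub(/:.*/, "", name) }
        inside && tolower($1) == "documentroot" { root = $2; gsub(/"/, "", root) }
    '
}

# resolve_docroot HOST: read a config on stdin and print the DocumentRoot of the
# block whose ServerName equals HOST (case-insensitive, port ignored); when
# nothing matches, print the first block, which acts as the default.
resolve_docroot() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=${host%%:*}
    list_vhosts | awk -v h="$host" '
        NR == 1           { fallback = $2 }
        $1 == h && !found { found = 1; print $2 }
        END               { if (!found) print fallback }
    '
}

# Example: sh vhost_resolve.sh some.other.name   -> /var/www/html
if [ "$#" -eq 1 ]; then printf '%s\n' "$VHOST_CONF" | resolve_docroot "$1"; fi
```

On a live server, feed it the real file instead of the sample, for example `resolve_docroot www.virtual.host < /etc/httpd/conf.d/vhost.conf`.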
[2]
Create a test page and access it from a client computer with a web browser. It's OK if the following page is shown.
[cent@www ~]$ vi ~/public_html/virtual.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>
---