WEB-server

---

Install Apache httpd

 

[1]

Install httpd to configure a web server. HTTP uses 80/TCP.

[root@www ~]# yum -y install httpd

# remove welcome page

[root@www ~]# rm -f /etc/httpd/conf.d/welcome.conf

[2]

Configure httpd. Replace the server name with the one for your own environment.

[root@www ~]# vi /etc/httpd/conf/httpd.conf

# line 86: change to admin's email address

ServerAdmin root@srv.world

# line 95: change to your server's name

ServerName www.srv.world:80

# line 151: change

AllowOverride All

# line 164: add file names that can be accessed with only the directory's name

DirectoryIndex index.html index.cgi index.php

# add the following to the end

# server's response header

ServerTokens Prod

# keepalive is ON

KeepAlive On

[root@www ~]# systemctl start httpd 

[root@www ~]# systemctl enable httpd 

[3]

If Firewalld is running, allow HTTP service. HTTP uses 80/TCP.

[root@dlp ~]# firewall-cmd --add-service=http --permanent 

success

[root@dlp ~]# firewall-cmd --reload 

success

[4]

Create an HTML test page and access it from a client PC with a web browser. It's OK if the following page is shown.

[root@www ~]# vi /var/www/html/index.html

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page
</div>
</body>
</html>

-------------

Create SSL Certificates (2014/07/10)

Create your own self-signed SSL certificates. However, if you use your server for business, it is better to buy and use a formal certificate from Verisign or a similar provider.

[root@www ~]# cd /etc/pki/tls/certs 

[root@www certs]# make server.key 

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus

...

...

e is 65537 (0x10001)

Enter pass phrase:   # set passphrase

Verifying - Enter pass phrase:   # confirm

# remove passphrase from private key

[root@www certs]# openssl rsa -in server.key -out server.key 

Enter pass phrase for server.key:   # input passphrase

writing RSA key

[root@www certs]# make server.csr 

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:BD

State or Province Name (full name) []:Dhaka

Locality Name (eg, city) [Default City]:Dhaka

Organization Name (eg, company) [Default Company Ltd]:World Communication Network Ltd.

Organizational Unit Name (eg, section) []:worldcm.net

Common Name (eg, your name or your server's hostname) []:mail.worldcm.net

Email Address []: admin@worldcm.net

A challenge password []:world  OR  Enter

An optional company name []: worldcm  OR  Enter

Country Name (2 letter code) [XX]:JP   # country

State or Province Name (full name) []:Hiroshima   # state

Locality Name (eg, city) [Default City]:Hiroshima   # city

Organization Name (eg, company) [Default Company Ltd]:GTS   # company

Organizational Unit Name (eg, section) []:Server World   # department

Common Name (eg, your name or your server's hostname) []:www.srv.world   # server's FQDN

Email Address []:xxx@srv.world   # email address

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:   # Enter

An optional company name []:   # Enter

[root@www certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.srv.world/emailAddress=xxx@srv.world

Getting Private key
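The key above is stored without a passphrase and the certificate is self-signed, so it is worth confirming the pair before httpd is pointed at it. The following is an added example, not part of the original page: it checks the key's permissions, that the certificate carries this key's public half, and expiry. The helper name `check_tls_pair`, the 30-day threshold and the throwaway demo files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a key/certificate pair
# such as /etc/pki/tls/certs/server.key and server.crt created above.
# check_tls_pair is a hypothetical helper name; the 30-day threshold is an assumption.

check_tls_pair() {
    ctp_key=$1; ctp_crt=$2; ctp_rc=0

    # The passphrase was removed, so file permissions are the key's only protection.
    ctp_mode=$(ls -ld "$ctp_key" | cut -c1-10)
    if [ "$(printf '%s' "$ctp_mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL key is accessible to group/other ($ctp_mode)"; ctp_rc=1
    fi

    # The certificate must contain the public half of this exact private key.
    # -passin pass: keeps openssl from prompting if the key is still encrypted.
    ctp_kpub=$(openssl pkey -in "$ctp_key" -passin pass: -pubout 2>/dev/null)
    ctp_cpub=$(openssl x509 -in "$ctp_crt" -noout -pubkey 2>/dev/null)
    if [ -z "$ctp_kpub" ] || [ "$ctp_kpub" != "$ctp_cpub" ]; then
        echo "FAIL key and certificate do not match (or key is encrypted)"; ctp_rc=1
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$ctp_crt" -noout -checkend $((30 * 86400)) >/dev/null 2>&1; then
        echo "FAIL certificate expires within 30 days"; ctp_rc=1
    fi

    # Subject equal to issuer means self-signed: clients will not trust it by default.
    ctp_subj=$(openssl x509 -in "$ctp_crt" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    ctp_iss=$(openssl x509 -in "$ctp_crt" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$ctp_subj" ] && [ "$ctp_subj" = "$ctp_iss" ] && echo "INFO certificate is self-signed"

    return $ctp_rc
}

# Constructed demo: a throwaway pair in a temp directory, never the real server files.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=www.srv.world" \
    -keyout "$demo_dir/server.key" -out "$demo_dir/server.crt" 2>/dev/null
chmod 600 "$demo_dir/server.key"
check_tls_pair "$demo_dir/server.key" "$demo_dir/server.crt"
chmod 644 "$demo_dir/server.key"
check_tls_pair "$demo_dir/server.key" "$demo_dir/server.crt" || echo "(non-zero exit for mode 644)"
```

On the real server, run it as `check_tls_pair /etc/pki/tls/certs/server.key /etc/pki/tls/certs/server.crt` after the `openssl x509` step.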

-----------------

Configure SSL.

[root@www ~]# yum -y install mod_ssl

[root@www ~]# vi /etc/httpd/conf.d/ssl.conf

# line 59: uncomment

DocumentRoot "/var/www/html"

# line 60: uncomment and specify the server name

ServerName www.srv.world:443

# line 100: change to the one created in [1]

SSLCertificateFile /etc/pki/tls/certs/server.crt

# line 107: change to the one created in [1]

SSLCertificateKeyFile /etc/pki/tls/certs/server.key

[root@www ~]# systemctl restart httpd 

[3]

If Firewalld is running, allow HTTPS service. HTTPS uses 443/TCP.

[root@dlp ~]# firewall-cmd --add-service=https --permanent 

success

[root@dlp ~]# firewall-cmd --reload 

success

[4]

Access the test page from a client computer with a web browser via HTTPS. The example below uses Firefox. The following screen is shown because the certificate is self-signed, but it's no problem; proceed to the next step.

[5]

Click the "Add exception" button.

[6]

[7]

Click the "Approve security exception" button.

The page has now been accessed via HTTPS.

Virtual Hostings (2014/07/23)

 

[1]

Configure Virtual Hostings to use multiple domain names.

The example below is set on an environment in which the domain name is [srv.world] and the virtual domain name is [virtual.host] (root directory [/home/cent/public_html]).

It's necessary to set Userdir settings for this example, too.

Configure Virtual Hostings.

[root@www ~]# vi /etc/httpd/conf.d/vhost.conf

# create new

# for original domain

<VirtualHost *:80>

   DocumentRoot /var/www/html

   ServerName www.srv.world

</VirtualHost>

# for virtual domain

<VirtualHost *:80>

   DocumentRoot /home/cent/public_html

   ServerName www.virtual.host

   ServerAdmin webmaster@virtual.host

   ErrorLog logs/virtual.host-error_log

   CustomLog logs/virtual.host-access_log combined

</VirtualHost>

[root@www ~]# systemctl restart httpd 

[2]

Create a test page and access it from a client computer with a web browser. It's OK if the following page is shown.

[cent@www ~]$ vi ~/public_html/virtual.php

<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>
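With name-based virtual hosts, a request whose Host header matches no ServerName or ServerAlias is served by the first VirtualHost listed for that address and port, so the first block in vhost.conf is also the default site for unknown names and bare-IP requests. The following added example (not from the original page) models that selection for the vhost.conf above. `resolve_vhost` is a hypothetical helper, the configuration is a constructed copy written to a temp file, and ServerAlias wildcards are not handled.

```shell
#!/bin/sh
# Added example (not from the original page): model which DocumentRoot answers a
# given Host header under name-based virtual hosting. resolve_vhost is a hypothetical
# helper; it handles exact ServerName/ServerAlias matches only (no wildcards) and
# assumes every block listens on the same address:port, as in the vhost.conf above.

resolve_vhost() {   # usage: resolve_vhost CONF_FILE HOST_HEADER
    awk -v host="$2" '
        BEGIN { h = tolower(host); sub(/:[0-9]+$/, "", h) }      # drop an optional :port
        /^[ \t]*#/ { next }                                       # skip comment lines
        { d = tolower($1) }
        d ~ /^<virtualhost/   { n++; inside = 1; next }
        d == "</virtualhost>" { inside = 0; next }
        inside && d == "documentroot" { r = $2; gsub(/"/, "", r); root[n] = r }
        inside && (d == "servername" || d == "serveralias") {
            for (i = 2; i <= NF; i++) {
                name = tolower($i); sub(/:[0-9]+$/, "", name)
                if (!(name in owner)) owner[name] = n             # first definition wins
            }
        }
        END {
            if (n == 0) exit 1
            if (h in owner) print "match " root[owner[h]]
            else            print "default " root[1]              # first vhost is the fallback
        }' "$1"
}

# Constructed copy of the vhost.conf from this page.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# for original domain
<VirtualHost *:80>
   DocumentRoot /var/www/html
   ServerName www.srv.world
</VirtualHost>
# for virtual domain
<VirtualHost *:80>
   DocumentRoot /home/cent/public_html
   ServerName www.virtual.host
</VirtualHost>
EOF

for demo_host in www.virtual.host WWW.SRV.WORLD:80 192.0.2.10 unknown.example; do
    printf '%-18s -> %s\n' "$demo_host" "$(resolve_vhost "$demo_conf" "$demo_host")"
done
```

The last two hosts resolve to `default /var/www/html`, which shows that the order of the blocks decides what an unrecognised name is given.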

---