CIS 238 - UNIX System Administration
Lab Exercise #11: Apache Web Server, LAMP Server

Install a basic Web Server:

1) Install: lynx, httpd, httpd-tools, httpd-devel, system-config-httpd

2) In /etc/httpd/conf/httpd.conf:
   - Change ServerName to: www.p156.occcns.info
   - Change the "Listen" port to 8080
   Copy "web.txt" from Lab2 to /var/www/html/index.html

3) service httpd restart

4) telnet 127.0.0.1 8080
   GET http://127.0.0.1 HTTP/1.0
   ... and hit ENTER twice

5) Connect to the website using NETCAT:
   echo -e "GET http://127.0.0.1 HTTP/1.0\n\n" | nc -w 5 127.0.0.1 8080
   Demonstrate the website for the instructor using the Firefox browser.

6) Add www.p156.occcns.info to /etc/hosts with your DHCP-assigned IP address.
   Repeat steps 4 and 5 using www.p156.occcns.info in place of 127.0.0.1.

Password secure the web server:

7) Create a passwd file for your website:
   htpasswd -c /etc/httpd/conf/.htpasswd user1
   Repeat for user2 through user9 (without -c)
   chmod 644 /etc/httpd/conf/.htpasswd

8) Create a .htaccess file in your DocumentRoot:
   AuthUserFile /etc/httpd/conf/.htpasswd
   AuthGroupFile /dev/null
   AuthName "EnterPassword"
   AuthType Basic
   require valid-user

9) vi /etc/httpd/conf/httpd.conf
   Change DocumentRoot as follows:
   <Directory /var/www/html/*>
   AllowOverride AuthConfig
   </Directory>

10) service httpd restart

11) Try accessing the web site and you'll be prompted for a password.

Install MySQL Database Server

12) yum install mysql mysql-server mysql-libs

13) Start the mysql daemon:
    service mysqld start

14) Then type "mysql":
    mysql
    Change the MySQL root password, the default root password for the mysql database:
    mysql> USE mysql;
    mysql> UPDATE user SET Password=PASSWORD('newpassword') WHERE user='root';
    mysql> FLUSH PRIVILEGES;
    mysql> exit;

15) Check by logging in:
    mysql -u root -p
    Enter Password:
    mysql> exit;

16) Create a new MySQL user:
    To create a new mysql user 'guest' with 'all privileges' on database 'demo':
    mysql -u root -p -e 'create database demo'
    mysql -u root -p
    mysql> GRANT ALL PRIVILEGES ON demo.* TO 'guest'@'localhost' IDENTIFIED BY 'guest'
        -> WITH GRANT OPTION;
    mysql> USE mysql;
    mysql> UPDATE user SET Password=PASSWORD('guest') WHERE user='guest';
    mysql> FLUSH PRIVILEGES;
    mysql> exit;

Python - native interface, see also mod_wsgi

17) Create Python CGI program /var/www/cgi-bin/test.cgi:
    #!/usr/bin/python
    # cgitb renders tracebacks in the browser; useful in the lab only
    import cgitb
    cgitb.enable()
    # A CGI response is the header, a blank line, then the body
    print("Content-type: text/html\n\n")
    print("Hello World")

18) Point your browser to: http://127.0.0.1:8080/cgi-bin/test.cgi

Install PHP

19) Install PHP Scripting Language:
    yum install php php-mysql php-pear php-common php-gd php-mbstring php-mcrypt php-xml php-cli php-devel

20) Restart apache to load PHP:
    service httpd restart

21) Test PHP: create a file named /var/www/html/test.php with the following phpinfo() function inside PHP tags:
    <?php
    // test.php
    phpinfo();
    ?>

22) Point your browser to http://127.0.0.1:8080/test.php

Install PERL

23) Install Perl:
    yum install mod_perl

24) Verify Apache CGI scripts are placed in the /var/www/cgi-bin/ directory as defined by the ScriptAlias directive in the httpd.conf file:
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

25) Create Perl CGI program /var/www/cgi-bin/test/test.cgi:
    #!/usr/bin/perl
    # CGI Script "test.cgi"
    # A CGI response must start with a header followed by a blank line
    print "Content-type: text/html\n\n";
    print qq(
    <html>
    <head>
    <meta http-equiv="Content-Language" content="en-us">
    <meta http-equiv="Content-Type" content="text/html">
    <title>Linux Home Networking</title>
    </head>
    <body>
    Success!
    </body>
    </html>
    );

26) Point your browser to: http://127.0.0.1:8080/cgi-bin/test/test.cgi

Apache self-cert install:

27) Install SSL software:
    yum install openssl
    yum install mod_ssl

28) mkdir /etc/httpd/conf/ssl; cd /etc/httpd/conf/ssl
    Generate an RSA private key without a passphrase:
    openssl genrsa -out <hostname>.key 1024
    (Don't do this):
    openssl genrsa -des3 -out <hostname>.key 1024
    This generates an RSA key with a passphrase. You will be prompted to enter the passphrase right after you hit enter, and again whenever Apache starts. You should generally NOT generate the RSA private key with a passphrase if you have scripts that restart Apache automatically; Apache will just sit there and wait for the script to input the passphrase.

29) Generate the CSR using the RSA private key:
    openssl req -new -key <hostname>.key -out <hostname>.csr
    Enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country. At email address and challenge password, just hit enter.
    Country Name (2 letter code) [XX]:US
    State or Province Name (full name) []:Illinois
    Locality Name (eg, city) [Default City]:Skokie
    Organization Name (eg, company) [Default Company Ltd]:Oakton Community College
    Organizational Unit Name (eg, section) []:CIS
    Common Name (eg, your name or your server's hostname) []:<hostname>
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

30) Generate a self-signed cert (or send the .csr to a 3rd party vendor for a 3rd party cert):
    openssl x509 -req -days 365 -in <hostname>.csr -signkey <hostname>.key -out <hostname>.crt

31) chmod all files to 600, owner and group = root

32) Add to Apache main server(s):
    vi /etc/httpd/conf.d/ssl.conf
    # Server Certificate:
    # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateFile /etc/httpd/conf/ssl/<hostname>.crt
    # Server Private Key:
    # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateKeyFile /etc/httpd/conf/ssl/<hostname>.key
    Repeat for each virtual server.
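
A check for the password file built in step 7, as an added example that is not part of the lab handout: it reports which hash scheme each entry uses and whether the file is world-readable, as it is after the lab's chmod 644. The function names and the sample entries are assumptions of this example; the hash bodies are constructed filler.

```shell
#!/bin/sh
# Added example (not part of the lab handout): audit an htpasswd file.

# Map a stored hash to "scheme verdict" by its prefix.
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt ok" ;;
        '$5$'*|'$6$'*)           echo "sha-crypt ok" ;;
        '$apr1$'*)               echo "apr1-md5 legacy" ;;
        '{SHA}'*)                echo "sha1-unsalted insecure" ;;
        *)                       echo "crypt-or-plaintext insecure" ;;
    esac
}

# Print "user scheme verdict" for every entry in FILE ($1).
audit_htpasswd() {
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        echo "$user $(classify_hash "$hash")"
    done < "$1"
}

# Exit 0 when "other" can read FILE, as with the lab's chmod 644.
world_readable() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in *[4567]) return 0 ;; *) return 1 ;; esac
}

# Constructed sample entries: hash bodies are filler, only the prefixes matter.
write_sample() {
    cat > "$1" <<'EOF'
user1:$apr1$CONSTRUCT$FILLERFILLERFILLERFILL
user2:{SHA}FILLERFILLERFILLERFILLERFIL=
user3:$2y$05$FILLERFILLERFILLERFILLERFILLERFILLERFILLERFILLERFILLE
user4:FILLERFILLER1
EOF
}

sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"
audit_htpasswd "$sample"
world_readable "$sample" && echo "warning: $sample is world-readable"
rm -f "$sample"
```

On the lab server, point audit_htpasswd and world_readable at /etc/httpd/conf/.htpasswd; stat -c is the GNU form found on the Linux systems the lab targets.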
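
Steps 28 to 31 run without prompts and then verified, as an added example that is not part of the lab handout: it confirms the certificate really belongs to the key, reports the key size, and checks the expiry window before ssl.conf is pointed at the files. The function names and the hostname www.example.test are assumptions of this example, and it defaults to 2048 bits instead of the 1024 typed in step 28.

```shell
#!/bin/sh
# Added example (not part of the lab handout): steps 28-31 without prompts,
# followed by the checks worth running before editing ssl.conf.

# make_selfsigned DIR HOST [BITS]; 2048 is this example's default, the lab types 1024.
make_selfsigned() (
    dir=$1 host=$2 bits=${3:-2048}
    umask 077                      # files are never briefly world-readable
    subj="/C=US/ST=Illinois/L=Skokie/O=Oakton Community College/OU=CIS/CN=$host"
    openssl genrsa -out "$dir/$host.key" "$bits" 2>/dev/null &&
    openssl req -new -key "$dir/$host.key" -subj "$subj" -out "$dir/$host.csr" &&
    openssl x509 -req -days 365 -in "$dir/$host.csr" \
        -signkey "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null &&
    chmod 600 "$dir/$host.key" "$dir/$host.csr" "$dir/$host.crt"
)

# Exit 0 only when the certificate carries the public half of the key file.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Print the RSA modulus size in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Exit 0 when the certificate is still valid DAYS ($2) from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

demo=$(mktemp -d)
host=www.example.test              # constructed hostname
if make_selfsigned "$demo" "$host"; then
    cert_matches_key "$demo/$host.crt" "$demo/$host.key" && echo "key and cert match"
    echo "key size: $(key_bits "$demo/$host.key") bits"
    valid_for_days "$demo/$host.crt" 30 || echo "certificate expires within 30 days"
fi
rm -rf "$demo"
```

Running key_bits against a key made exactly as in step 28 prints 1024, which is the value to raise in the genrsa command if the lab server is ever exposed beyond the classroom network.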