If you can see this check that

next section prev section up prev page next page

Essential Apache Tutorial


HTTP Server

User:
Password:

This tutorial is concerned with the configuration of an http server, namely Apache.

Question 1: Run the apache server

Each time you make a configuration change to the Apache server you must restart (or at the very least reload) the http service. Remember to start apache for the first time do:

systemctl start httpd.service
And to reload the configuration file do:
systemctl reload httpd.service
Additionally if you have been changing the standard firewall configuration, you should reset the config to normal. To do this do:
systemctl restart iptables.service

Now get the web server running...

Tests - not attempted
Run apache UNTESTED

Question 2: Add user directories

Apache allows you do have a URL which starts with /~username. This redirects the server to look for files in /home/username/public_html/. So for instance http://machine/~dave/hello.html would look for a file in /home/dave/public_html/hello.html.

To get this feature enabled you have to hunt for the configuration statements which control UserDir. Sometimes this is in /etc/httpd/conf/httpd.conf, but in Centos7 this is in /etc/httpd/conf.d/userdir.conf. Find the line:

  UserDir disable

Remove this line, or better yet put a # infront of it (which comments the line out). Then look on a little further on to find:

    #UserDir public_html
Delete the '#' comment character from the front of this line. As you have changed the configuration remember to reload the httpd service!

Now create a user called "dave", create a public_html directory in dave's home directory, and create a file hello.html in the public_html. The contents of this file should be:

<html>
<body>
<h1>HOST</h1>
<p>
I am clever
</p>
</body>
</html>

The best way to ensure that "dave" files and directories are all owned by dave is to "su - dave", make the files and directories, then CTRL-D back to root. Otherwise do "chown -R dave.dave /home/dave". The "/home/dave" and "/home/dave/public_html" must be executable by others, and the "/home/dave/public_html/hello.html" file must be readable by other. More generous permissions or permission changes on owner or group from the default will be marked incorrect.

You can direct your browser to see this page by using the URL

http://yourmachinename/~dave/hello.html
Replace "yourmachinename" with the output of running the "hostname" command, eg
[root@host-19-17 dave]# hostname
host-19-17.linuxzoo.net

Finally, SELinux is currently enabled in enforcing mode. This means you need even more security to overcome (configure). You need to make sure that the SELinux boolean httpd_read_user_content is enabled. By default SELinux is forbidden from reading any file in /home. Check with

getsebool  httpd_read_user_content
and if needed set it with
setsebool -P httpd_read_user_content 1
"setsebool" may take 20 or more seconds to run. It will finish, honest!

Tests - not attempted
UserDir seems to be disabled UNTESTED
UserDir public_html seems to be enabled UNTESTED
Dave exists UNTESTED
Dave has a public_html which he owns UNTESTED
Dave has a home directory executable by others but still secure UNTESTED
Dave has a public_html executable by others but not readable UNTESTED
Dave has a file hello.html which he owns UNTESTED
hello.html is readable by others UNTESTED
hello.html contains the word HOST (case sensitive) UNTESTED
SELinux has been configured with httpd_read_user_content true UNTESTED
http://host/~dave/hello.html actually works UNTESTED

Question 3: Add two new directories/files

Create the following directories, each of which must be executable for other:

  • /home/dave/public_html/web
  • /home/dave/public_html/vm

In each of these new directories create a file called "hello.html", which are copies of hello.html from /home/dave/public_html, except in "web/hello.html" replace the word HOST with WEB. In "vm/hello.html" replace the word HOST with VM. Case is important.

Tests - not attempted
Can read http://../~dave/web/hello.html UNTESTED
http://../~dave/web/hello.html contains WEB UNTESTED
Can read http://../~dave/vm/hello.html UNTESTED
http://../~dave/web/hello.html contains VM UNTESTED

Question 4: Create 2 virtual hosts

You need to create a number of virtual hosts in your virtual machine. These should go into a new file somewhere in /etc/httpd/conf.d. For the purposes of this tutorial, create and use the file "/etc/httpd/conf.d/zvirtual.conf".

Using <VirtualHost> create two VirtualHosts in the file /etc/httpd/conf.d/zvirtual.conf. Below is an example of a VirtualHost definition which may help you remember what is needed.

<VirtualHost *:80>
    ServerAdmin me@grussell.org
    DocumentRoot /home/gordon/public_html/grussell.org
    ServerName sql.grussell.org
    ErrorLog logs/sql-error_log
    CustomLog logs/sql-access_log common
</VirtualHost>

The names of your virtual hosts have to be worked out by yourself from your current hostname. Type in the command "hostname" and you will get something like:

host-3-2.linuxzoo.net

Your machine is known by this name in DNS. It is also known by two other names, where the word "host" has been replaced with "web" and "vm". In this example of host-3-2, this machine is also known as:

web-3-2.linuxzoo.net
vm-3-2.linuxzoo.net

IMPORTANT: Do not just copy this example, as your machine number is likely to be entirely different. Use "hostname" and work your machine names out for yourself. Note too that your hostname can change each time you reboot, so double check each time you reboot!

Once you have your web and vm machine names, create two virtual host entries, one for each of web-?-?.linuxzoo.net and vm-?-?.linuxzoo.net, so that the DocumentRoot of web is /home/dave/public_html/web and the DocumentRoot of vm is /home/dave/public_html/vm.

Each VirtualHost tagged area (you need 2) needs to be configured, with their own ServerName and DocumentRoot. like: The other fields are not important in this question.

It is easy to make a syntax error in the config file. If you have problems you can check for syntax errors using the command:

httpd -t
...and if you make changes to a configuration file remember to tell httpd.service!

Once again you can verify this works manually by pointing your browser to web-?-?.linuxzoo.net or the vm equivalent (remembering to put the right things in for the "?" characters). This is important, as in an assessment you may need to verify this yourself.

Tests - not attempted
VirtualHost detected for web-?-?.linuxzoo.net UNTESTED
VirtualHost detected for vm-?-?.linuxzoo.net UNTESTED
http://web-?-?.linuxzoo/hello.html contains WEB UNTESTED
http://vm-?-?.linuxzoo/hello.html contains VM UNTESTED

Question 5: Rewrite Rules

Add to the VirtualHost tag area for the "vm-?-?.linuxzoo.net" virtual host a ServerAlias for "host-?-?.linuxzoo.net". Remember to replace the ? characters with the details for YOUR machine. Once again, you can remind yourself of what this is by running the hostname command. After doing this the use of host-?-? should also use the virtual host information for vm-?-?.

Add to the end of the VirtualHost tag area for vm-?-? a rewrite rule, such that any use of host-?-?.linuxzoo.net gets an external redirection to rewrite it to vm-?-?.linuxzoo.net.

Tests - not attempted
Server Alias detected for host-?-? UNTESTED
Redirect from host-?-? to vm-?-? is working? UNTESTED
No redirect from vm-?-? to vm-?-? UNTESTED

Question 6: Extended Rewrite Conditions

Modify the rewrite rules for the previous question with an additional condition, so that host-?-?.linuxzoo.net always gets rewritten using an external redirect to vm-?-?.linuxzoo.net unless the URI starts with a /~dave. Thus:

http://host-?-?.linuxzoo.net/hello.html   -> rewritten to -->  http://vm-?-?.linuxzoo.net/hello.html 
http://host-?-?.linuxzoo.net/~dave/hello.html   -> not rewritten and handled normally
Tests - not attempted
Redirect from host-?-? to vm-?-? is still working? UNTESTED
No redirect with host-?-?/~dave... UNTESTED
No redirect from vm-?-? to vm-?-? UNTESTED


Linux tutorials: intro1 intro2 wildcard permission pipe vi essential admin net SELinux1 SELinux2 fwall DNS diag Apache1 Apache2 Mail
Caine 6.0: Essentials | Basic | Search | SysIntro | 5a | 5b | 5c | 6 | 7a | 7b | 8a | 8b | WebBrowserA | WebBrowserB | Registry | Browser
Digital Investigation: Editing | Email | Logs | Strength
Kali: 1a | 1b | 1c | 2 | 3 | 4a | 4b | 5 | 6 | 7a | 8a | 8b | 9 | 10 |
Useful: Quiz | Forums | Privacy Policy | Terms and Conditions
Site Links:XMLZoo ActiveSQL ProgZoo SQLZoo

Linuxzoo created by Gordon Russell.
@ Copyright 2004-2017 Edinburgh Napier University