RHCE training notes – Apache
On Linux, the Apache package is httpd. The main httpd configuration file is /etc/httpd/conf/httpd.conf; its configuration directives are divided into three main parts:
directives that control the Apache server as a whole (the "global environment");
directives that define the parameters of the main or default server;
virtual host settings.
There is a great deal of httpd documentation that will not be repeated here; this experiment combines DNS and Apache to publish name-based virtual host sites.
The experimental platform is CentOS 6.4, with the following environment:
Apache server, also serving as the DNS server
Host name: rmohan IP address: 192.168.1.40
Test client
Host name: station IP address: 192.168.1.2
Preparation:
Install the appropriate DNS and Apache software; you can use yum directly, then set the services to start at boot
[root@rmohan ~]# yum install httpd bind bind-chroot bind-util*
[root@rmohan ~]# chkconfig httpd on
[root@rmohan ~]# chkconfig named on
[root@rmohan ~]# service httpd start
[root@rmohan ~]# service named start
One, configure the DNS server
1. Edit the main configuration file /etc/named.conf
In the options {} block, locate and modify the following three settings:
listen-on port 53 { any; }; # change the value in braces to any
listen-on-v6 port 53 { any; }; # change to any
allow-query { any; }; # change to any
2. Edit the zone configuration file and add the custom zones at the end (only forward lookup zones are defined here; reverse lookup is not defined)
The modified file is as follows:
[root@rmohan ~]# cat /etc/named.rfc1912.zones
…… (part omitted) ……
zone "msn.com" IN {
type master;
file "msn.com.zone";
allow-update { none; };
};
zone "rm.com" IN {
type master;
file "rm.com.zone";
allow-update { none; };
};
3. Create the data files rm.com.zone and msn.com.zone in /var/named
[root@rmohan ~]# cd /var/named/
[root@rmohan ~]# cp -p named.localhost rm.com.zone
[root@rmohan ~]# cp -p named.localhost msn.com.zone
The final contents of the two files are as follows (in fact, they are the same):
[root@rmohan named]# cat rm.com.zone
$ORIGIN rm.com.
$TTL 1D
@ SOA ns1.rm.com. root.rm.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.rm.com.
www IN A 192.168.1.40
ns1 IN A 192.168.1.40
@ IN A 192.168.1.40
[root@rmohan named]# cat msn.com.zone
$ORIGIN msn.com.
$TTL 1D
@ SOA ns1.msn.com. root.msn.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.msn.com.
www IN A 192.168.1.40
ns1 IN A 192.168.1.40
@ IN A 192.168.1.40
[root@rmohan named]# cd
[root@rmohan ~]#
4. Restart the named service
[root@zoro ~]# service named restart
Stopping named: . [OK]
Starting named: [OK]
Two, Apache server configuration
1. First, create the test pages that will be used, as follows:
[root@rmohan html]# ls
index.html rm msn
[root@rmohan html]# cat index.html
this is home page
server: 192.168.1.40
[root@rmohan html]# cat rm/index.html
this is rm page
server: 192.168.1.40
[root@rmohan html]# cat msn/index.html
this is msn page
server: 192.168.1.40
2. Modify the main configuration file /etc/httpd/conf/httpd.conf
First enable the NameVirtualHost directive, which specifies the IP address used for name-based virtual hosts; * means the IP address the machine is currently using.
This line is commented out by default; remove the leading #:
NameVirtualHost *:80
Then add the following at the end of the file:
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
# Document root directory; by default, all requests are served from this directory
DocumentRoot /var/www/html
# The machine's name, given as an IP address or a domain name
ServerName 192.168.1.40
# You can specify where the error log is stored; if not specified, the default is /etc/httpd/logs/access_log
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/html/rm
ServerName www.rm.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/html/msn
ServerName www.msn.com
</VirtualHost>
3. Restart the httpd service
[root@rmohan ~]# service httpd restart
Stopping httpd: [OK]
Starting httpd: httpd: apr_sockaddr_info_get() failed for zoro
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[OK]
Three, client test
1. Test that DNS resolves correctly
[root@station ~]# nslookup www.rm.com
Server: 192.168.1.40
Address: 192.168.1.40#53
Name: www.rm.com
Address: 192.168.1.40
[root@station ~]# cat /etc/resolv.conf
nameserver 192.168.1.40
[root@station ~]# nslookup www.msn.com
Server: 192.168.1.40
Address: 192.168.1.40#53
Name: www.msn.com
Address: 192.168.1.40
These results show no errors, which means the DNS server is running.
2. Test page access
Visit http://192.168.1.40 with Firefox; the result returned is:
this is home page server: 192.168.1.40
Visit http://www.rm.com with Firefox; the result returned is:
this is rm page server: 192.168.1.40
Visit http://www.msn.com with Firefox; the result returned is:
this is msn page server: 192.168.1.40
Four, further debugging
1. On the server, comment out NameVirtualHost in the main httpd file /etc/httpd/conf/httpd.conf (it was enabled earlier; now comment it out again), then restart httpd and check the test results.
When the client accesses the sites, you will find that whether it requests http://192.168.1.40, http://www.rm.com or http://www.msn.com, the result returned is "this is home page server: 192.168.1.40", that is, the content of the main page http://192.168.1.40.
2. Building on operation 1, delete the virtual host that contains "ServerName 192.168.1.40", so that the virtual host configuration reads:
…… (part omitted) ……
# NameVirtualHost *:80
…… (part omitted) ……
<VirtualHost *:80>
DocumentRoot /var/www/html/rm
ServerName www.rm.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/html/msn
ServerName www.msn.com
</VirtualHost>
After editing, restart httpd.
Then access with the client browser: whether it requests http://192.168.1.40, http://www.rm.com or http://www.msn.com, the result returned is "this is rm page server: 192.168.1.40", that is, the content of the page http://www.rm.com.
3. Building on operation 2, enable NameVirtualHost again, that is, remove the comment character # before NameVirtualHost in the main httpd file /etc/httpd/conf/httpd.conf; once the change is made, restart httpd.
Then access with the client browser: http://192.168.1.40 and http://www.rm.com both return "this is rm page server: 192.168.1.40", while http://www.msn.com returns "this is msn page server: 192.168.1.40".
From the three operations above, it can be concluded:
Conclusion one: if "# NameVirtualHost *:80" is commented out in the main httpd file (it is commented out by default), the httpd virtual host function is not turned on. In that case, no matter how many virtual hosts are written in the main file (with the site pages created under each specified DocumentRoot; the home page must be index.html), only the first one (the one written at the top) takes effect: whichever ServerName the client requests, it ultimately gets the page of the first ServerName.
Conclusion two: once the virtual host function is enabled, the main site (in this article http://192.168.1.40, corresponding to /var/www/html/index.html) must also be written as a virtual host, otherwise it cannot be accessed. In operation 3, for example, a request for http://192.168.1.40 does not in fact reach the main site but the page of the first virtual host, http://www.rm.com.
Five, access control
The last virtual host in the configuration above, www.msn.com, is used as the example.
Access control is set with a <Directory> container inside the virtual host.
1. Change the virtual host configuration to the following:
<VirtualHost *:80>
DocumentRoot /var/www/html/msn
ServerName www.msn.com
<Directory "/var/www/html/msn">
# Allow first, then deny
order allow,deny
# Allowed clients: here the 192.168.1.0 network is allowed
allow from 192.168.1.
# Denied clients: here the host 192.168.1.123 is refused
deny from 192.168.1.123
</Directory>
</VirtualHost>
Restart httpd.
At this point the host with IP address 192.168.1.123 cannot access the www.msn.com home page and gets the Apache test page instead; in the /etc/httpd/logs/access_log log you can see the 403 error, as follows:
192.168.1.123 - - [14/May/2013:07:13:55 +0800] "GET / HTTP/1.1" 403 5039 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111104 Red Hat/3.6.24-3.el6_1 Firefox/3.6.24"
Apart from 192.168.1.123, the other hosts on the 192.168.1.0 subnet can access the www.msn.com home page normally.
2. Change the virtual host configuration to the following (compared with operation 1, the order of access control is reversed):
<VirtualHost *:80>
DocumentRoot /var/www/html/msn
ServerName www.msn.com
<Directory "/var/www/html/msn">
# Deny first, then allow
order deny,allow
allow from 192.168.1.
deny from 192.168.1.123
</Directory>
</VirtualHost>
Restart httpd.
At this point all hosts on the 192.168.1.0 subnet, including 192.168.1.123, can access the www.msn.com home page normally.
3. Change the virtual host configuration to the following (compared with operation 2, the allow and deny values are swapped):
<VirtualHost *:80>
DocumentRoot /var/www/html/msn
ServerName www.msn.com
<Directory "/var/www/html/msn">
# Deny first, then allow
order deny,allow
allow from 192.168.1.123
deny from 192.168.1.
</Directory>
</VirtualHost>
Restart httpd.
At this point the host with IP address 192.168.1.123 can access the www.msn.com home page; apart from 192.168.1.123, the other hosts on the 192.168.1.0 subnet cannot access the www.msn.com home page.
4. Change the virtual host configuration to the following (compared with operation 3, the access control order is reversed; compared with operation 2, the access control order is reversed and the allow and deny values are swapped; compared with operation 1, the allow and deny values are swapped):
<VirtualHost *:80>
DocumentRoot /var/www/html/msn
ServerName www.msn.com
<Directory "/var/www/html/msn">
# Allow first, then deny
order allow,deny
allow from 192.168.1.123
deny from 192.168.1.
</Directory>
</VirtualHost>
At this point no host on the 192.168.1.0 subnet, including 192.168.1.123, can access the www.msn.com home page.
What do the four operations above explain? It is dizzying and not clear. The two directives will probably not be written in combination in practical work;
as far as this experiment goes, when the requirement concerns a single network segment, using only deny statements,
without allow statements, makes access control easier to achieve.
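The evaluation rules behind the four operations, as an added example that is not part of the original notes: a small Python model of Apache 2.2's Order/Allow/Deny handling. The function names are hypothetical, the rule sets are entered as the text describes them (operation 1, then the order reversed and/or the allow and deny values swapped), and 10.0.0.5 is a constructed client outside the subnet.

```python
import ipaddress

def to_network(spec):
    """Convert an Allow/Deny 'from' value (partial IP, full IP or CIDR) to a network."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]          # "192.168.1." -> 3 octets
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def matches(client, specs):
    """True if the client address matches any value in an allow or deny list."""
    addr = ipaddress.ip_address(client)
    return any(s.lower() == "all" or addr in to_network(s) for s in specs)

def access_allowed(order, allow, deny, client):
    """Order does not mean 'first match wins': it sets the default and which list overrides."""
    allowed, denied = matches(client, allow), matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":    # default deny; a Deny match overrides an Allow match
        return allowed and not denied
    if order == "deny,allow":    # default allow; an Allow match overrides a Deny match
        return allowed or not denied
    raise ValueError(f"unknown order: {order}")

# The four operations from the text: (order, allow values, deny values)
OPERATIONS = {
    1: ("allow,deny", ["192.168.1."], ["192.168.1.123"]),
    2: ("deny,allow", ["192.168.1."], ["192.168.1.123"]),
    3: ("deny,allow", ["192.168.1.123"], ["192.168.1."]),
    4: ("allow,deny", ["192.168.1.123"], ["192.168.1."]),
}
# 192.168.1.123 and 192.168.1.2 are hosts from the page; 10.0.0.5 is constructed
CLIENTS = ["192.168.1.123", "192.168.1.2", "10.0.0.5"]

def run_operations():
    """Return {operation: {client: allowed?}} for every operation and client."""
    return {n: {c: access_allowed(o, a, d, c) for c in CLIENTS}
            for n, (o, a, d) in OPERATIONS.items()}

if __name__ == "__main__":
    for n, row in run_operations().items():
        print(n, row)
```

Under deny,allow a client that matches neither list is let in, so a deny-only rule set blocks just the listed hosts; under allow,deny the same unlisted client is refused.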