Install the Apache

? Web server Apache

Install the Apache, which boasts the largest share in the world. You must first install the apache in yum.

# Yum install httpd
# Rpm -qa | grep httpd
httpd-2.4.6-18.el7.centos.x86_64
httpd-tools-2.4.6-18.el7.centos.x86_64

Edit the configuration file (/etc/httpd/conf/httpd.conf). The following has been described only part that was edited.

ServerAdmin webmaster@rmohan.com
ServerName www.rmohan.com:80

# Enabling specify the CGI and htaccess document root
DocumentRoot “/ var / www / html”
<Directory “/ var / www / html”>
Options ExecCGI
AllowOverride FileInfo AuthConfig Limit
Order allow, deny
Require all granted
</ Directory>

# To add a file to be accessed at URL omitted
<IfModule dir_module>
DirectoryIndex index.html index.cgi index.php
</ IfModule>

# Does not fix the directory that you can run the cgi
<IfModule alias_module>
# ScriptAlias / cgi-Bin / “/ var / Www / cgi-Bin /”
</ IfModule>

# Enable the extension of cgi
<IfModule mime_module>
AddHandler cgi-script .cgi
</ IfModule>

Set the following order # is that Japanese is garbled
#AddDefaultCharset UTF-8
AddDefaultCharset none

Since the default but with the index.html file is not also provide’s the state in which the page to be able to access does not exist, but they will be actually when you access a page that says CentOS. Because it’s this OS will cause leaks to a third party, you have to save the /etc/httpd/conf.d/welcome.conf this is set to be displayed in the appropriate directory.

# Mv /etc/httpd/conf.d/welcome.conf / root

? settings for access control

and describes the directives for carrying out the access control to the directory that is specified in the <Directory>. Access control is the core function of the Apache. (1) add, change or delete control options

Options [+ | -] <option>

Is in the <Directory> Specifies the specific directives for the specified directory. Set in the <option> a parameter called the control options in this. The control options that can be specified for this parameter is shown below.

option meaning
None To all the control options invalid
All To all the control option is enabled
ExecCGI To permit the execution of CGI programs
FollowSymLinks When there is a symbolic sink, allowing you to follow it
Includes Allow SSI
IncludesNOEXEC But to allow SSI, # exec, # cmd, execution of the program by # include is prohibited
Indexes To allow creation of a directory index
MultiViews Allow Content negotiated MultiViews
SymLinksOwnerMatch If the symbolic link and the link destination is the same owner only, allowing you to follow it

You can also put in front of the specified each of the control options +/-. + The put when a new option in the directory will be added. – <Option> put and in the directory will be deleted. Either all control of options in it than the upper directory to be wearing will be replaced by those of this directory.

(2) permission of the override by the access control file

AllowOverride <override> …..

Up to where the configuration changes for each directory by the access control file to specify whether to allow. Specifiers that can be specified in <override> is shown below.

Specifier meaning
None To disable the override (even if the access control file to ignore)
All To enable all of the directives in the access control file.
AuthConfig To enable the directives related to authentication. (.htaccess File becomes effective)
FileInfo To enable the directive to specify the document type.
Indexes To enable the directive to specify the directory index. Non-encouragement to become a directory full view state.
Limit To enable the directives to carry out access control. The subject of the directive allow, deny, three of the order.
Options To enable the directives to control the functions.

(3) access permission or denial such as setting of have to allow access from any IP that has been used to apache2.2 description is changed to less than 2.4, it is set by default. .

Require all granted

It has indicated only one line in the above, but the original is written using the Require directive. The Require directive is present the following three types.

Directives Description
<RequireAny> Permission If either match among multiple conditions described. The default behavior of the case omitted.
<RequireAll> Multiple conditions described will fire when all matches. It is used to specify, such as permit or deny specific IP.
<RequireNone> Access denied when matching one among the plurality described conditions. Never use too much.

For example, if you want to allow access to the 192.168.0.0/24 and 192.168.1.0/24 performs the following description. The following RequireAny will be applied because it omitted the Require directive. Also it will be the fact that if you want to specify more than one may be written on a new line.

Require ip 192.168.0.0/24
Require ip 192.168.1.0/24

And described without omitting it will be as follows.

<RequireAny>
Require ip 192.168.0.0/24
Require ip 192.168.1.0/24
</ RequireAny>

If you reverse to want to deny access from the 192.168.0.0/24 and 192.168.1.0/24 using RequireAll directive will be in the following such a description.

<RequireAll>
Require all granted
Require not ip 192.168.0.0/24
Require not ip 192.168.1.0/24
</ RequireAll>
? user authentication (Basic)

This is the most standard method in the authentication method that has been used in old-fashioned in the Apache. However, this approach of passwords will flow in the clear (unencrypted) is difficulty. Configuration is done in httpd.conf. Let’s assume that this will be the directory to which you want to apply the limit / var / www / html / basic.

<Directory “/ var / Www / Html / Basic”>
AuthType Basic
AuthName “Require Auth”
AuthUserFile /Var/www/html/basic/.Htpasswd
Require Valid-User
</ Directory>

Append the above to the end of the httpd.conf, and then restart the apache. Or it is also to create the / var / www / html / basic .htaccess file under. And sets the actual user and password in the following command.

# Htpasswd -C /Var/www/html/basic/.Htpasswd User
New Password: [Enter Password]
Re-Type New Password: [password]
Adding Password For User User # More / var / Www / Html / Basic /. htpasswd User: SNQ1ca2F / HkRk

Register the “user” as the user ID, you have set a password for it. -c option means that generates a new file. If you want to add an authentication user to an existing .htpasswd is -c option will run the command as there is no need next.

# Htpasswd /Var/www/html/basic/.Htpasswd user1
New Password: [Enter Password]
Re-Type New Password: [password]
Adding Password For User User # More /Var/www/html/basic/.Htpasswd User : SNQ1ca2F / HkRk user1: 3JlDTcijbrgbQ
Authentication screen as you try to access from the browser to the directory of the top in this state is displayed, it is OK if you can browse in the ID / PASS.

? user authentication (Digest)

Another authentication of Apache, is Digest authentication. Basic authentication Digest authentication for the flowing password is in plain text will be encrypted. There is a need for Apache to auth_digest module has been incorporated as a prerequisite, you may not be supported in such old browser, but it is the security be preferred is better here.

How to set and edit from the first httpd.conf in almost the same as the Basic authentication.

<Directory “/ var / Www / Html / Digest”>
AuthType Digest
AuthName “Require Auth”
AuthUserFile /Var/www/html/digest/.Htdigest
Require Valid-User
</ Directory>

Actual user and password you set in the next command.

# Htdigest -C /Var/www/html/digest/.Htdigest ‘Require Auth’ User
Adding Password For User In Realm Require Auth.
New Password: [Enter Password]
Re-Type New Password: [password]

# More / var /Www/html/digest/.Htdigest
User: Require Auth: 5552A3218d8fd3d4ed6abfc4d0062c15

Register the “user” as the user ID, you have set a password for it. -c option means that generates a new file. The difference between Basic authentication, you must specify the realm. It is part of the referred to in the command of the above ‘Require Auth’. This should match the AuthName specified in httpd.conf. This state authentication screen to access from the browser to the above directory is displayed in, the behavior is OK if impassable until the authentication.
? virtual host of setting

the virtual host is a mechanism for operating multiple domains on a single Web server. For example www.rmohan.com also be operated as at the same time www.rmohan.com web server and to act as a web server will use the virtual host. The method to achieve a virtual host has a virtual host of IP-based virtual hosts and name-based. IP-based virtual host is a method to assign the IP address for each domain. You can surely realize the functions of the virtual host for the IP address that is connected from the client can determine the domain. However, can say that there is not a very realistic because the necessary IP address only the number of domains. However, it must be this system and I think an attempt is made to realize the HTTPS virtual host. Name-based virtual host is a method to determine the domain in the HTTP Host request header from the client. The IP address does not need more than one, but the client must correspond to the HTTP / 1.1. In the following left a note of this name-based virtual host.

It describes the settings that you want to distinguish between the server name, the document root, such as the location of the log for each domain. You must specify at least ServerName directive. The following is an example of setting the two of virtual host of www.rmohan.com and www.rmohan.com.

<VirtualHost 192.168.12.20>
ServerName www.rmohan.com
ServerAdmin webmaster@rmohan.com
DocumentRoot / var / www / unix-power / htdocs
ErrorLog /var/log/httpd/unixpower.net-error_log
CustomLog /var/log/httpd/unixpower.net-access_log combined
</VirtualHost>

<VirtualHost 192.168.12.20>
ServerName www.rmohan.com
ServerAdmin webmaster@rmohan.com
DocumentRoot / var / www / unix-power1 / htdocs
ErrorLog /var/log/httpd/unixpower1.net-error_log
CustomLog /var/log/httpd/unixpower1.net-access_log combined
</VirtualHost>

If you specify a <VirtualHost> _default_ in the argument of the directive it will be the default if you do not match the settings of all the virtual hosts. In addition, from the Apache2.4 statement that NameVirtualHost ****** is no longer required.