RHCE training notes – Apache<\/p>\n
Linux under Apache, package is httpd. Httpd main distribution file is \/etc\/httpd\/conf\/httpd.conf, its configuration instructions are primarily
\ndivided into three parts :
\nthe control of the Apache server part ( the ‘global environment );
\ndefine the parameters of the primary or default services directive;
\nvirtual host setting parameters.
\nHttpd plethora of relevant information , will not elaborate here , this experiment is a combination of dns and apache virtual host site release.<\/p>\n
Experimental platform is CentOS 6.4, environment:<\/p>\n
Apache server DNS server cum<\/p>\n
Host Name : rmohan IP Address : 192.168.1.40<\/p>\n
Client Tester
\nHost Name : station IP address : 192.168.1.2
\nPreparation:<\/p>\n
DNS and Apache installed the apprrmriate software , you can directly use yum to install and set up boot<\/p>\n
[root @ rmohan ~] # yum install httpd bind bind-chroot bind-util*<\/p>\n
[root @ rmohan ~] # chkconfig httpd on<\/p>\n
[root @ rmohan ~] # chkconfig named on<\/p>\n
[root @ rmohan ~] # service httpd start<\/p>\n
[root @ rmohan ~] # service named start<\/p>\n
One , first configure a DNS server<\/p>\n
1 Configure the primary distribution file \/etc\/named.conf<\/p>\n
In the rmtions {} , locate and modify the contents of the following three :
\nlisten-on port 53 {any;}; # parentheses content to any
\nlisten-on-v6 port 53 {any;}; # to any
\nallow-query {any;}; # to any<\/p>\n
2 Configure the zone configuration file , at the end custom zone ( defined here only positive analytical , reverse lookup is not defined )<\/p>\n
Modified as follows:<\/p>\n
[root @ rmohan ~] # cat \/etc\/named.rfc1912.zones
\nOmit part …… ……
\nzone “msn.com” IN {
\ntype master;
\nfile “rm.com.zone”;
\nallow-update {none;};
\n} ;
\nzone “rm.com” IN {
\ntype master;
\nfile “msn.com.zone”;
\nallow-update {none;};
\n} ;<\/p>\n
3 in the \/var\/named\u00a0 data files created rm.com.zone and msn.com.zone
\n[root @ rmohan ~] # cd \/var\/named\/
\n[root @ rmohan ~] # cp -p named.localhost rm.com.zone
\n[root @ rmohan ~] # cp -p named.localhost msn.com.zone
\nThe final contents of the two files is as follows ( in fact, is the same ) :
\n[root @ rmohan named] # cat rm.com.zone
\n$ORIGIN rm.com.
\n$TTL 1D
\n@\u00a0\u00a0\u00a0\u00a0\u00a0 SOA ns1.rm.com.\u00a0 root.rm.com. (
\n0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; serial
\n1D\u00a0\u00a0\u00a0\u00a0\u00a0 ; refresh
\n1H\u00a0\u00a0\u00a0\u00a0\u00a0 ; retry
\n1W\u00a0\u00a0\u00a0\u00a0\u00a0 ; expire
\n3H )\u00a0\u00a0\u00a0 ; minimum
\n@\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 NS\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ns1.rm.com.
\nwww\u00a0\u00a0\u00a0 IN\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0 192.168.1.40
\nns1\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0 192.168.1.40
\n@\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 A\u00a0\u00a0\u00a0 192.168.1.40<\/p>\n
[root @ rmohan named] # cat msn.com.zone
\n$ORIGIN msn.com.
\n$TTL 1D
\n@\u00a0\u00a0\u00a0\u00a0\u00a0 SOA ns1.msn.com.\u00a0 root.msn.com. (
\n0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; serial
\n1D\u00a0\u00a0\u00a0\u00a0\u00a0 ; refresh
\n1H\u00a0\u00a0\u00a0\u00a0\u00a0 ; retry
\n1W\u00a0\u00a0\u00a0\u00a0\u00a0 ; expire
\n3H )\u00a0\u00a0\u00a0 ; minimum
\n@\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 NS\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ns1.msn.com.
\nwww\u00a0\u00a0\u00a0 IN\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0 192.168.1.40
\nns1\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0 192.168.1.40
\n@\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 A\u00a0\u00a0\u00a0 192.168.1.40<\/p>\n
[root @ rmohan named] # cd
\n[root @ rmohan ~] #<\/p>\n
4 Restart named service
\n[root @ zoro ~] # service named restart
\nStrmping named:. [OK]
\nStarting named: [OK]<\/p>\n
Two , Apache server configuration<\/p>\n
1 . First, create a test file need to use the main surface , as follows:
\n[root @ rmohan html] # ls
\nindex.html rm msn
\n[root @ rmohan html] # cat index.html
\nthis is home page
\nserver: 192.168.1.40<\/p>\n
[root @ rmohan html] # cat rm\/index.html
\nthis is rm page
\nserver: 192.168.1.40<\/p>\n
[root @ rmohan html] # cat msn\/index.html
\nthis is mns page
\nserver: 192.168.1.40<\/p>\n
(2) modify the main feature file \/etc\/httpd\/conf\/httpd.conf<\/p>\n
First enable NameVirtualHost field, which is a name-based virtual hosts specify an IP address, * indicates the machine ‘s IP address currently used .
\nNameVirtualHost *: 80 # this line is commented out by default , to remove its previous #
\nThen in the end of the file add the following:
\n<VirtualHost *:80><\/p>\n
# ServerAdmin webmaster@dummy-host.example.com
\nDocumentRoot \/var\/www\/html # document root directory. By default, all requests from this directory,
\nServerName 192.168.1.40 # machine ‘s name, said that with the IP address or domain name
\n# ErrorLog logs \/dummy-host.example.com-error_log # You can specify the error log storage directory ,
\nif not specified, the default is \/etc\/httpd\/logs\/access_log Lane
\n# CustomLog logs\/dummy-host.example.com-access_log common
\n<\/VirtualHost><\/p>\n
<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/rm
\nServerName www.rm.com
\n<\/ VirtualHost><\/p>\n
<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/msn
\nServerName www.msn.com
\n<\/ VirtualHost><\/p>\n
3 Restart httpd service<\/p>\n
[root @ rmohan ~] # service httpd restart
\nStrmping httpd: [OK]
\nStarting httpd: httpd: apr_sockaddr_info_get () failed for zoro
\nhttpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName
\n[OK]<\/p>\n
Third, the client test<\/p>\n
1 Test DNS correctly
\n[root @ station ~] # nslookup www.rm.com
\nServer: 192.168.1.40
\nAddress: 192.168.1.40 # 53<\/p>\n
Name: www.rm.com
\nAddress: 192.168.1.40<\/p>\n
[root @ station ~] # cat \/etc\/resolv.conf
\nnameserver 192.168.1.40<\/p>\n
[root @ station ~] # nslookup www.msn.com
\nServer: 192.168.1.40
\nAddress: 192.168.1.40 # 53<\/p>\n
Name: www.msn.com
\nAddress: 192.168.1.40<\/p>\n
These results without exception, which means that the DNS server running.<\/p>\n
2 Test page views
\nVisit http:\/\/192.168.1.40 using firefox, the returned results:
\nthis is home page server: 192.168.1.40<\/p>\n
Visit http:\/\/www.rm.com using firefox, the returned results:
\nthis is rm page server: 192.168.1.40<\/p>\n
Visit http:\/\/www.msn.com using firefox, the returned results:
\nthis is msn page server: 192.168.1.40<\/p>\n
Fourth, to further debug<\/p>\n
1 main httpd on the server with the file \/etc\/httpd\/conf\/httpd.conf in NameVirtualHost
\ncommented ( previously enabled , and now re- comment ) , and then restart httpd, and then view the test results.<\/p>\n
To the client to access the site , you will find ,
\nwhether it is http:\/\/192.168.1.40, http:\/\/www.rm.com, or http:\/\/www.msn.com,
\nthe result returned is “this is home page server: 192.168.1.40 “, that is the main surface http:\/\/192.168.1.40 content.<\/p>\n
2 In the above rmeration 1 , based on the then “ServerName 192.168.1.40” delete the contents of the virtual host that virtual host configuration read:
\nOmit part …… ……
\n# NameVirtualHost *: 80
\nOmit part …… ……
\n<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/rm
\nServerName www.rm.com
\n<\/ VirtualHost><\/p>\n
<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/msn
\nServerName www.msn.com
\n<\/ VirtualHost><\/p>\n
After editing , restart httpd.<\/p>\n
And then use the client browser access , whether it is http:\/\/192.168.1.40, http:\/\/www.rm.com, or http:\/\/www.msn.com, the returned results are “this is rm page server: 192.168.1.40 “, that is the main surface http:\/\/www.rm.com content.<\/p>\n
3 In the above rmeration on the basis of two , and then NameVirtualHost enabled , the upcoming primary service httpd file \/ etc \/ httpd \/ conf \/ httpd.conf NameVirtualHost before the comment character # remove , modify, complete, restart httpd.<\/p>\n
And then use the client browser access, access http:\/\/192.168.1.40 and http:\/\/www.rm.com, the returned results are “this is rm page server: 192.168.1.40”, visit http:\/\/ www.msn.com result returned is “this is msn page server: 192.168.1.40”<\/p>\n
Based on the above three rmerations , it can be concluded :<\/p>\n
If hpptd primary service file , # NameVirtualHost *: 80 is commented out ( default is commented out ) , then the httpd virtual function is not turned on, this time with the master file regardless of how many virtual hosts write ( corresponding in , to the specified DocumentRoot directory to create site pages , home must be index.html), eventually only the first one ( written on trm ) effect , namely client access where ServerName, ultimately points to the first ServerName the corresponding page .<\/p>\n
Conclusion II enabled virtual function, the main station ( This article is http:\/\/192.168.1.40, corresponding to the \/ var \/ www \/ html \/ index.html), have written to the virtual host inside, otherwise they would not be accessed . Such as rmerating three , access http:\/\/192.168.1.40 when , in fact, is not the main station visit , but the first virtual host http:\/\/www.rm.com page.<\/p>\n
Fifth, the access control<\/p>\n
In the above configuration file hosting www.msn.com last example .<\/p>\n
Use the virtual host where <Directory> container to set access control.<\/p>\n
1 . The virtual host configuration changes to the following:<\/p>\n
<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/msn
\nServerName www.msn.com
\n<Directory “var\/www\/html\/msn”>
\norder allow, deny # Allow first , refused to
\nallow from 192.168.1. # allowed content , visit here allows 192.168.1.0 network
\ndeny from 192.168.1.123 # reject the content , where visitors refused to host 192.168.1.123
\n<\/ Directory>
\n<\/ VirtualHost>
\nRestart httpd.<\/p>\n
At this time , IP address is 192.168.1.123 host can not access www.msn.com home , there is the Apache test page , in the \/etc\/httpd\/logs\/access_log logs , you can see 403 error, as follows:
\n192.168.1.123 – [14\/May\/2013: 07:13:55 +0800] “GET \/ HTTP\/1.1” 403 5039 “-” “Mozilla\/5.0 (X11; U; Linux i686; en-US; rv: 1.9.2.24) Gecko\/20111104 Red Hat\/3.6.24-3.el6_1 Firefox\/3.6.24 ”
\nIn addition to 192.168.1.123 outside , 192.168.1.0 subnet other hosts , can be a normal visit www.msn.com homepage.<\/p>\n
(2) modify the virtual host configuration to the following ( as compared with the rmeration 1 , access control reverse the order ) :
\n<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/msn
\nServerName www.msn.com
\n<Directory “var\/www\/html\/msn”>
\norder deny, allow # first refusal , after allowing
\nallow from 192.168.1.1
\ndeny from 192.168.1.123
\n<\/Directory>
\n<\/ VirtualHost><\/p>\n
Restart httpd.<\/p>\n
At this point , 192.168.1.0 subnet to all hosts , including 192.168.1.123, you can normally access www.msn.com homepage.<\/p>\n
3 . The virtual host configuration changes to the following ( as compared with rmerating two to allow and deny the contents of the swap for a moment ) :<\/p>\n
<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/msn
\nServerName www.msn.com
\n<Directory “var\/www\/html\/msn”>
\norder deny, allow # first refusal , after allowing
\nallow from 192.168.1.123
\ndeny from 192.168.1.
\n<\/Directory>
\n<\/VirtualHost><\/p>\n
Restart httpd.<\/p>\n
At this time , IP address is 192.168.1.123 hosts can access www.msn.com home , in addition to 192.168.1.123 outside , 192.168.1.0 subnet other hosts can not access www.msn.com homepage.
\n4 Modify the virtual host configuration to the following ( as compared with rmerating three , access control sequence reversed ; compared with 2 , access control sequence is inverted, and the refusal to allow the content exchanged ; compared with one that allows and denial of the contents of the exchanged ) :<\/p>\n
<VirtualHost *:80>
\nDocumentRoot \/var\/www\/html\/msn
\nServerName www.msn.com
\n<Directory “var\/www\/html\/msn”>
\norder allow, deny # Allow first , refused to
\nallow from 192.168.1.123
\ndeny from 192.168.1.123
\n<\/Directory>
\n<\/VirtualHost><\/p>\n
At this point , 192.168.1.0 subnet to all hosts , including 192.168.1.123, do not have access to www.msn.com homepage.<\/p>\n
Based on the above four rmerations, explains what is wrong ? Dizziness, and that is not clear . Combination of two problems in the practical work,
\nprobably will not write it,
\nthe purpose of this experiment in terms of the demand for the same network segment , using only deny statements ,
\ndo not use allow statements will be more easily achieve access control.<\/p>\n","protected":false},"excerpt":{"rendered":"
RHCE training notes – Apache<\/p>\n
Linux under Apache, package is httpd. Httpd main distribution file is \/etc\/httpd\/conf\/httpd.conf, its configuration instructions are primarily divided into three parts : the control of the Apache server part ( the ‘global environment ); define the parameters of the primary or default services directive; virtual host setting parameters. Httpd plethora […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2486"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2486"}],"version-history":[{"count":3,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2486\/revisions"}],"predecessor-version":[{"id":2490,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2486\/revisions\/2490"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}