RHCE Exam objectives - HTTP/HTTPS

RHCE Exam objectives - HTTP/HTTPS

Apache is the far most web server in use today. Based on the HTTP daemon (httpd), Apache provide simple and secure access to all types of content using regular HTTP protocol as well as its secure cousin, HTTPS.

Apache 2.2:

As befits its reliability, the best version to use is 2.2.22. It includes all updates to support the latest web pages, with the best possible security from the risks associated with the Internet.

Installation:

The RPM packages required by Apache are included in the ‘web server’ package group. The simplest way to install Apache after installation is with the following command:

#yum install httpd

The other way to install web server package is by installing Apache group.

#yum groupinstall “Web Server”

#chkconfig  - - httpd on  - start Apache automatically in all runlevels

#/etc/init.d/httpd start

#iptables  -I INPUT –p tcp –dport=80  -j ACCEPT   (Allow Apache through firewall)

Configure a virtual host:

To activate the virtual host feature, the first step is to activate this directive:

#NameVirtualHost *80

The following example is to configure a normal virtual host:

<VirtualHost *:80>

ServerAdmin webmaster@dummy-host.example.com

DocumentRoot /www/docs/dummy-host.example.com

ServerName dummy-host.example.com

ErrorLog logs/dummy-host.example.com-error_log

CustomLog logs/dummy-host.example.com-access_log common

</VirtualHost>

Make sure to check httpd.conf file with the following command.

#httpd  -t  (Apache will verify the config file specific problems like syntax errors)

If you have created multiple virtual hosts, you can check them with either of the following command

#httpd –S

#httpd  -D DUMP_VHOSTS

Secure virtual host:

To configure multiple secure virtual hosts add or uncomment:

NameVirtulaHost *443

All secure hosts can be configured in /etc/httpd/conf.d/ssl.conf file

<VirtualHost *:443>

DocumeRoot /www/docs/dummy-host.example.com

ServerName www.example.com

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

</VirtualHost>

Configure private directories:

By default Apache will have home directory as /var/www/html path. It’s better to separate the files for each web site in its own directory.  

For example we want to add path /www/ to Apache conf file. The way to do this is changing SELinux context for the folder /www/.

#ls  -Z /var/www

Note down SELinux contexts. We would need to set same SELinux contexts for /www/ directory.

#chcon  -R  -u system_u  /www/

#chcon  -R  -t httpd_sys_content_t /www/

To apply contexts permanently, run the following command:

#semange fcontext  -a  -s system_u  httpd_t_sys_content_t /www/

Creating password protected directory

This objective is also comes under “configure private directories” in RHCE topic HTTP/HTTPS.

Create a user with some password for web server access

# htpasswd -c /etc/httpd/test myuser1 

-c switch creates specified file, If you want add one more user leave  -c switch

To setup access to more than one user, you’ll also need a group file. For example,

design:  myuser1 myuser2

In this case AuthUserFile directive would be associated with /etc/http/test database and the AuthGroupFile directive associated with the group database

Apache User Access <VirtualHost *:80> <Directory "/var/www/html/help">         AuthType Basic         AuthName "Password Protected"         AuthUserFile /etc/httpd/test         Require User myuser1 </Directory> </VirtualHost>

Apache Group Access <VirtualHost *:80> <Directory "/var/www/html/help">         AuthType Basic         AuthName "Password Protected"         AuthUserFile /etc/httpd/test         AuthGroupFile /etc/httpd/group         Require group design </Directory> </VirtualHost>

Home directory access:

To enable home directory for local users, change the following directives,

#UserDir disabled

UserDir public_html

User Michel can access his home directory in browser by typing

http://192.168.122.5-/~michel/

Then anyone will have access to web pages that a user puts in his or her ~/public_html directory.

Additional settings can be configured by changing the following container

#<Directory /home/*/public_html>

Group managed Directories:

Create a regular user support and make other users member of that group. Set up permissions for directory /home/support like 2771.

#chmod  -R 2771 /home/support

Log in as a user member of the new group. Create new file in the public_html subdirectory. Check the ownership of the file. Make sure Apache can read that file.

Deploy a basic CGI:

Create a simple perl script called hello.pl

#!/usr/bin/perl

print “Content-type: text/html\n\n”;

print “Hello, world!”;

#chmod  755 hello.pl

To configure Apache to execute Perl scripts, change the following stanzas in httpd.conf look like below.

<Directory "/var/www/cgi-bin">

AllowOverride None

Options ExecCGI

AddHandler cgi-script .pl

Order allow,deny

Allow from all

</Directory>

Also make sure the following line exists and uncommented in httpd.conf

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

Copy or move the file hello.pl to directory /var/www/cgi-bin/

In browser you can type http://192.168.122.50/cgi-bin/hello.pl , if successful; the following words should show up in the body of the browser.
  

Download As PDF