CIS 217 - Oakton Community College



CIS 238 - UNIX System Administration

Lab Exercise #11: Apache Web Server, LAMP Server

Install a basic Web Server:

1) Install: lynx, httpd, httpd-tools, httpd-devel, system-config-httpd curl wget lynx w3m

2) In /etc/httpd/conf/httpd.conf

- Change ServerName to: p156.

- change the “listen port to 8080

Copy “web.txt” from Lab2 to /var/www/html/index.html

3) service httpd restart

4) telnet 127.0.0.1 8080

GET

.. and hit ENTER twice

5) curl

6) lynx -dump 127.0.0.1:8080

7) w3m -dump

Demonstrate the website for the instructor using Firefox browser

8) Add p156. to /etc/hosts as DHCP assigned IP address

Repeat steps 4, 5 using p156. replacing 127.0.0.1

Password secure the web server:

9) Create passwd file for your website: htpasswd -c /etc/httpd/conf/.htpasswd user1

Repeat for users2 –user9 (withoput –c)

chmod 644 /etc/httpd/conf/.htpasswd

10) Create .htaccess file in your DocumentRoot:

AuthUserFile /etc/httpd/conf/.htpasswd

AuthGroupFile /dev/null

AuthName “EnterPassword”

AuthType Basic

require valid-user

11) vi /etc/httpd/conf/http.conf:

Change DocumentRoot as follows:

AllowOverride AuthConfig

12) service httpd restart.

13) Try accessing the web site and you'll be prompted for a password.

Lab Exercise #11: Apache Web Server, LAMP Server

Install MySQL Database Server

14) Pick one:

dnf install

dnf install

dnf install

dnf install

dnf install

dnf install mysql-community-server

15) Start the mysql daemon,

service mysqld start

16) Find randomly generated root password (secure installation)

grep 'A temporary password is generated for root@localhost' /var/log/mysqld.log |tail -1

17) /usr/bin/mysql_secure_installation

Follow the prompts:

Change root password

Remove anonymous users

Disallow root login remotely

Remove test database and access to it

Reload privilege tables

18) check by logging in

mysql -u root -p

Enter Password:

exit;

19) Create a new MySQL User: To create a new mysql user ‘guest’ with ‘all privileges’ on database ‘demo’

mysql –u root –p –e ‘create database demo’

mysql -u root -p

mysql -h localhost -u root -p

SHOW DATABASES;

use mysql;

SHOW TABLES;

CREATE USER 'guest'@'localhost' IDENTIFIED BY '';

DROP USER 'guest'@'localhost';

CREATE USER 'guest'@'localhost' IDENTIFIED BY '';

SELECT user FROM user;

SHOW COLUMNS FROM user;

SELECT user FROM user WHERE user='guest';

GRANT ALL PRIVILEGES ON demo.* TO 'guest'@'localhost' WITH GRANT OPTION;

FLUSH PRIVILEGES;

quit; -OR- exit;

Python – native interface, see also mod_wsgi

20) Create Python CGI program /var/www/cgi-bin/test.cgi

#!/usr/bin/python

import cgitb

cgitb.enable()

print (“Content-type: text/html\n\n”)

print (“Hello World”)

Then:

chmod 755 test.cgi

service httpd restart

21) Point your browser to:

Lab Exercise #11: Apache Web Server, LAMP Server

Install PHP

22) Install PHP Scripting Language

yum install php

yum search php | grep mysql

yum install

yum install php*http*

23) Restart the apache to load php.

service httpd restart

24) Test PHP: Create a file named /var/www/html/test.php with the following phpinfo() function inside php quotes.

// test.php

25) Point your browser to 

Install PERL

26) Install Perl

yum install mod_perl

27) Verify Apache CGI scripts are placed in the /var/www/cgi-bin/ directory as defined by the ScriptAlias directive in the httpd.conf file:

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

28) Create Perl CGI Program: /var/www/cgi-bin/test/test.cgi

#!/usr/bin/perl

# CGI Script "test.cgi"

print qq(

Linux Home Networking

Success!

);

29) Point your browser to:

Lab Exercise #11: Apache Web Server, LAMP Server

Apache self-cert install:

Fedora 15 (RHEL 6)

30) Install SSL software:

yum install openssl

yum install mod_ssl

31) mkdir /etc/httpd/conf/ssl; cd /etc/httpd/conf/ssl

Generate RSA private key without a passphrase:

openssl genrsa -out .key 1024

(Don’t do this): openssl genrsa -des3 -out .key 1024

Generates a RSA key with a passphrase - you will be prompted to enter a passphrase right after you hit enter and when Apache starts. You should generally NOT generate the RSA private key with a passphrase if you have scripts that restart apache automatically; Apache will just sit there and wait for the script to input the passphrase.

32) generate the CSR using the RSA Private Key

openssl req -new -key .key -out .csr

Enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.

At email address and challenge password, just hit enter.

Country Name (2 letter code) [XX]:US

State or Province Name (full name) []:Illinois

Locality Name (eg, city) [Default City]:Skokie

Organization Name (eg, company) [Default Company Ltd]:Oakton Community College

Organizational Unit Name (eg, section) []:CIS

Common Name (eg, your name or your server's hostname) []:

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

33) Generate self-signed cert (or send ,csr to 3rd party vendor for 3rd party cert):

openssl x509 -req -days 365 -in .csr -signkey .key -out .crt

34) chmod all files to 600, owner and group = root

35) Add to Apache main server(s):

vi /etc/httpd/conf.d/ssl.conf

# Server Certificate:

# SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateFile /etc/httpd/conf/ssl/.crt

# Server Private Key:

# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLCertificateKeyFile /etc/httpd/conf/ssl/.key

repeat for each virtual server

Fedora 19 (RHEL 7) see text:

36) yum install mod_ssl openssl

37) grep ‘^SSLCertificate’ /etc/httpd/conf.d/ssl.conf

38) cd /etc/pki/tls/certs

39) make localhost.key (enter passphrase)

40) make localhost.crt (enter passphrase)

41) mv localhost.key ../private

42) service httpd restart (enter passphrase)

43) netstat –an | grep 443

44) point browser to

45) cat /etc/pki/tls/certs/localhost.crt

Fedora 28

46) openssl genrsa -out p156..key 2048

openssl req -new -key p156..key -out p156..csr -sha512

openssl x509 -req -days 365 -in p156..csr -signkey p156..key -out p156..crt -sha512

cp p156..crt /etc/pki/tls/certs/

cp p156..key /etc/pki/tls/private/p156..key

cp p156..csr /etc/pki/tls/private/p156..csr

47) vi /etc/httpd/conf.d/ssl.conf

DocumentRoot "/var/www/html"

ServerName p156.:443

SSLCertificateFile /etc/pki/tls/certs/studentxx.p156..crt

SSLCertificateKeyFile /etc/pki/tls/private/studentxx.p156..key

48) Restart httpd service

service httpd restart

49) Port 80 redirect (experimental)

Change Apache default port back to 80

Add the following to httpd.conf

DocumentRoot /var/www/html

ServerName p156.

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

50) Restart httpd service

service httpd restart

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download