Basic Apache server configuration
Installing Apache
When you’re working with Apache, you need two packages. The first is httpd, which actually installs the Apache web server. The second is the mod_ssl package, which provides the ability to create secure websites.
Step 1. Install the two required packages:
# yum install -y httpd mod_ssl
Step 2. Verify that the packages were installed correctly:
# rpm -qa | grep http
httpd-2.2.15-5.el6.x86_64
httpd-tools-2.2.15-5.el6.x86_64
# rpm -qa | grep ssl
mod_ssl-2.2.15-5.el6.x86_64
openssl-1.0.0-4.el6.x86_64
Step 3. With the packages installed, make sure that the service is set to start when the system boots:
# chkconfig httpd on
Step 4. Verify your changes:
# chkconfig httpd --list
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Open the main httpd config file:
# vi /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
Test the config file:
# service httpd configtest
Syntax OK
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Firewall and SELinux Configuration
For your web server to become fully functional, you need to make some security changes. First and foremost, the firewall needs to be opened on port 80.
Step 1. Use iptables to create the additional firewall rules:
# iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
Step 2. Save the firewall rules you have just created:
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Step 3. Then restart the iptables service:
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Some Changes required in SELinux
You need to disable the SELinux service protection to be able to utilize basic web services.
Step 1. Query for the Boolean value you need to change:
# getsebool -a | grep httpd_dis
httpd_disable_trans --> off
Step 2. Disable the SELinux protection:
# setsebool -P httpd_disable_trans=1
Step 3. Verify that the Boolean has changed:
# getsebool -a | grep httpd_dis
httpd_disable_trans --> on
Create Web Directories
Step 1. Create the customer web directories:
# mkdir /var/www/site1
# mkdir /var/www/site2
Step 2. Check the current context of the files:
# ls -Z /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site2
You can change the context of the customer sites to match the default site (the html directory).
Step 3. Use the chcon command to change the context of the user and domain:
# chcon -Rvu system_u site1
changing security context of ‘site1’
# chcon -Rvu system_u site1
changing security context of ‘site1’
Step 4. You also could reference the default directory for a single command:
# chcon --reference=html site2
This changes the site2 directory to match the html directory’s SELinux context.
Step 5. You can now check again and verify that all the context fields for the two customer site directories have been changed correctly:
# ll -Z
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 error
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 icons
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site2
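The comparison done by eye in Steps 2 and 5 can be scripted. The following is an added example, not part of the original post: the function name context_diff and the SAMPLE_* variables are made up for illustration, the sample listings are constructed from the output shown above, and the input is assumed to be in the five-column ls -Z format this page shows.

```shell
#!/bin/sh
# Constructed samples: the `ls -Z /var/www` listings from Step 2 (before chcon)
# and Step 5 (after), trimmed to the directories that matter here.
SAMPLE_BEFORE='drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 site2'
SAMPLE_AFTER='drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site1
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 site2'

# context_diff REF NAME...   (hypothetical helper, not a system command)
# Reads `ls -Z` lines on stdin (assumed five columns: mode, owner, group,
# context, name) and prints one line per NAME whose SELinux context differs
# from REF, naming each differing field. Exit: 0 all match, 1 mismatch, 2 no REF.
context_diff() {
    ref=$1; shift
    awk -v ref="$ref" -v names="$*" '
        # i-th context field; field 4 keeps a level such as s0:c0.c1023 whole
        function part(c, i,   a) {
            if (i < 4) { split(c, a, ":"); return a[i] }
            sub(/^[^:]*:[^:]*:[^:]*:/, "", c); return c
        }
        BEGIN { n = split(names, want, " "); split("user role type level", label, " ") }
        NF == 5 { ctx[$5] = $4 }
        END {
            if (!(ref in ctx)) { print "reference " ref " not listed"; exit 2 }
            for (i = 1; i <= n; i++) {
                d = want[i]; msg = ""
                if (!(d in ctx)) { print d ": not listed"; bad = 1; continue }
                for (f = 1; f <= 4; f++)
                    if (part(ctx[d], f) != part(ctx[ref], f))
                        msg = msg " " label[f] "=" part(ctx[d], f) " (want " part(ctx[ref], f) ")"
                if (msg != "") { print d ":" msg; bad = 1 }
            }
            exit bad + 0
        }'
}

# Live use on the server:  ls -Z /var/www | context_diff html site1 site2
```

A non-zero exit status makes the check usable after a deployment step, so that a site directory left with a context different from html is caught before it is served.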
Finally, open a browser and check your web site:
http://yourlocalIP or http://127.0.0.1
2 comments:
Please post similar ones..
step wise for vsftpd, and other parts as well
Thanks
.......